|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2001-04-07 19:25 UTC] apeeters at lashout dot net
While running the following code, I got weird results in my mailbox. It seemed like I got the entire buffer of 100000 bytes mailed, instead of only the length of the result of the url. And those mails contained php code from another site hosted at the same server. This worries me, and I think this needs a serious checkup.
The bug is reproducible :)
---start---
$fp = fopen("http://someurl/", "r");
$content = fread($fp, 100000);
mail("someone@somehost", "test", $content);
---stop---
Additional info:
'./configure' '--prefix=/usr' '--with-apxs=/usr/sbin/apxs' '--with-gd' '--with-gettext=/usr' '--enable-safe-mode' '--with-config-file-path=/etc/httpd' '--with-exec-dir=/usr/bin' '--with-zlib' '--enable-magic-quotes' '--with-regex=system' '--with-ttf=/usr/lib/libttf.so' '--enable-track-vars' '--enable-xml' '--disable-debug' '--with-db3' '--with-interbase=shared' '--with-pgsql=shared' '--with-ldap' '--with-imap'
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 18 01:01:28 2024 UTC |
I've been testing a bit more and have a clear reproducible codesnippet, it yields the same results in php 4.0.4p1, so I changed the PHP version for this bugreport. ---start--- $fp = fopen("http://www.newsplanet.be/", "r"); $content = fread($fp, 100000); fclose($fp); $fp = fopen("http://www.google.com/", "r"); $content = fread($fp, 100000); mail("me@host", "topic", $content); ---stop--- In this mail, I see the sourcecode from google.com followed by the rest of the code from newsplanet.be. This does occur in about 1/3 of the mails I try, although I'm unable to see why this isn't always the case.I ran it through a couple hundred times and absolutely no PHP code whatsoever. The only problem I see here is $content is never cleaned up properly and contains BOTH of the fread()s jumbled. Which is very strange. $fp = fopen("http://www.newsplanet.be/", "r"); while (!feof($fp)) $content .= fread($fp, 4000); fclose($fp); You would be better off using the above as it works properly. Whomever is handling the fopen-wrappers should probably look at this. -ChrisThis error still exists, not de phpcode part, but the buffering errors, try this several times: ---start--- $fp = fopen("http://www.planetinternet.be/nl/vandaag/", "r"); $content = fread($fp, 100000); fclose($fp); $fp = fopen("http://www.google.com/", "r"); $content = fread($fp, 100000); mail("me@host", "topic", $content); ---stop--- This is an error in the buffer handling routines and should be eliminated. It seems to occur at _every_ request with php4.0.6 !