php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #11664 "Text" in web form interpreted as \"Text\" i.e. \\\"Text\\\"
Submitted: 2001-06-25 09:58 UTC Modified: 2001-06-26 01:58 UTC
From: mlambert at kodak dot com Assigned:
Status: Not a bug Package: Scripting Engine problem
PHP Version: 4.0.6 OS: WinNT 4.0
Private report: No CVE-ID: None
 [2001-06-25 09:58 UTC] mlambert at kodak dot com
Quoted text in Query String e.g "T", passed to form handler as %22T%22, is treated by the action script as
\"T\" (5 characters) as if the output of 
echo  \\\"T\\\";
this is different from
rawurldecode("%22T%22");

Repeated SUBMITS (form below) show the problem increasing


<HTML><BODY>
<FORM ACTION="<?php echo $PHP_SELF; ?>" METHOD="get">
<TEXTAREA NAME="c" > <?php echo $c; ?></TEXTAREA><BR>
<INPUT TYPE="SUBMIT" VALUE="SUBMIT"> </CENTER>
</FORM></BODY></HTML>

Results the same for Apache 3.14 and Xitami2.5b4 servers with both self-reference and external scripts

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-06-26 01:58 UTC] zak@php.net
This is a feature, not a bug. :)

Check out the magic_quote type directives in your php.ini conf file.  Also check out the configuration section and addslashes and stripslashes function writeups in the manual.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 16:01:29 2024 UTC