php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #19460 HTTP_POST_VARS trims 4 characters from left side of each field with array name
Submitted: 2002-09-17 19:12 UTC Modified: 2002-10-19 11:56 UTC
From: khalil at paksys dot com Assigned:
Status: Closed Package: mbstring related
PHP Version: 4.2.3 OS: Linux 2.4.9-34 (RedHat 7.2)
Private report: No CVE-ID:
 [2002-09-17 19:12 UTC] khalil at paksys dot com
After submitting a form, HTTP_POST_VARS trims 4 characters from left side of each field in a form which has name as an array. Example:

<?php
echo "my[1]: " . $my[1] . "<br />";
echo "my[2]: " . $my[2] . "<br />";
echo "my[3]: " . $my[3] . "<br />";
echo "my4: " . $my4 . "<br />";
echo "my5: " . $my5 . "<br />";
?>
<form action="1.php"  name="name" method="post">
<input type="text" name="my[1]" value='1234567890'>
<input type="text" name="my[2]" value='abcdefghijklmnop'>
<input type="text" name="my[3]" value='a1b2c3d4e5f6g7'>
<input type="text" name="my4" value='abcdefghijklmnop'>
<input type="text" name="my5" value='http://www.msn.com/'>
<input type=submit name=submit value=Submit />
</form>


The OUTPUT I got:
my[1]: 567890
my[2]: efghijklmnop
my[3]: c3d4e5f6g7
my4: abcdefghijklmnop
my5: http://www.msn.com/

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-09-17 21:06 UTC] yohgaki@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.
 [2002-09-18 09:38 UTC] thomas at deliduka dot com
Is this the bug report which my report (19476) was set 
bogus for?

This says it's apache 2 related, I'm running 1.3.26. Was 
this, in fact, fixed then?
 [2002-09-18 09:45 UTC] wez@php.net
The issue was with the --enable-mbstr-enc-trans configure
option; remove it from your configure line and rebuild and
the problem goes away.
This has been fixed in CVS.
(Reclassifying)
 [2002-10-16 00:10 UTC] lamart at nikoli dot net
What does it mean "This has been fixed in CVS"?  Do I need to get a new copy of cvs? If so, where do I get it?  Or is CVS a place where I can get a new copy of php?  If so, where is this "cvs"?  More info. needed.
 [2002-10-16 00:42 UTC] derick@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 [2002-10-16 16:46 UTC] mitch at unixprogramming dot net
What about people that are running production servers that 
have been bitten by this! We can't use CVS versions of PHP! 
The workaround described as [remove --enable-mbstr-enc-
trans] isn't valid as I never compiled my PHP with --
enable-mbstr-enc-trans in the first place :-)
 [2002-10-17 00:28 UTC] derick@php.net
Use --disable-mbstr-enc-trans then... for some reason it was on by default in 4.2.3, and that is correctedd
 [2002-10-17 01:54 UTC] yohgaki@php.net
The problem is fixed in 4.2.4-dev.
So try STABLE cvs version if you would like.

BTW, 4.2.x's (and 4.3.0) --enable-enc-trans is default to off. You must have --enable-mbstring.


 [2002-10-18 17:05 UTC] dmarks at seattlemortgage dot com
I have compiled php 4.2.3 with the --disable-mbstr-enc-trans argument but I am still receiving the same problem.  Is there another argument or something else that I am missing?
 [2002-10-18 17:34 UTC] moriyoshi@php.net
Did you forget to "make clean" before running configure?

Or, please try [grep "MBSTR_ENC_TRANS" main/php_config.h], and if the result is

/* #undef MBSTR_ENC_TRANS */ 

then there's no problem with configure.




 [2002-10-19 05:13 UTC] dmarks at seattlemortgage dot com
I did make clean, but still no luck.  Is --disable-mbstr-enc-trans the only argument I need?  If so I will contact the ISP and see if they are having issues with the way I am compiling it.  If not, please let me know if there are any other arguments necessary to fix this problem.
 [2002-10-19 10:39 UTC] moriyoshi@php.net
Basically the single argument --disable-mbstr-enc-trans is enough to disable the feature. NO OTHER OPTIONS are required. What options did you give to configure and how do you run the testing script? (ex. Apache DSO or CGI binary)
Anyway I don't see any problems there.
 [2002-10-19 11:31 UTC] dmarks at seattlemortgage dot com
I configured it just with the --disable-mbstr-enc-trans argument.  I turned on magic quotes and register globals in the php.ini file (I know that's not the best thing).  Other then that I stuck with the defaults.  I am running it as Apache DSO - does any of this make a difference?
 [2002-10-19 11:56 UTC] moriyoshi@php.net
Hmm... I asked such questions just because I would like to confirm if you have surely configured both with --disable-mbstr-enc-trans and --with-apxs, and you have run the script in Apache.
BTW magic_quotes_gpc and register_globals have nothing to do with the mbstr-enc-trans issue.

 [2002-11-26 09:19 UTC] php at com dot hosfordusa
Does this problem exist in the PHP 4.2.3 Win 32 download binary?
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 10:02:06 2014 UTC