php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #20098 POSTed variables are urldecoded twice
Submitted: 2002-10-25 15:09 UTC Modified: 2002-10-25 15:12 UTC
From: Marcus dot Dietz at unibw-muenchen dot de Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 4.2.3 OS: FreeBSD 4.7-RELEASE
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: Marcus dot Dietz at unibw-muenchen dot de
New email:
PHP Version: OS:

 

 [2002-10-25 15:09 UTC] Marcus dot Dietz at unibw-muenchen dot de
If you type a '+' in a field it get's converted to
'%2B' before sent to the server. php urldecodes it
twice: '%2B' -> '+' -> ' '.

The problem is in the file:

ext/mbstring/mbstring.c: lines 1033-1045:
val = strchr(var, '=');
        val_list[n] = var;
        len_list[n] = php_url_decode(var, strlen(var));
        n++;
        if (val) { /* have a value */
            *val++ = '\0';
            val_list[n] = val;
            len_list[n] = php_url_decode(val, strlen(val));
        } else {
            val_list[n] = "";
            len_list[n] = 0;
        }

A possible bugfix is:
==== BEGIN diff ===========================================
*** ext/mbstring/mbstring.c.ORIG        Thu Aug  1 07:47:56 2002
--- ext/mbstring/mbstring.c     Fri Oct 25 21:36:40 2002
***************
*** 1032,1041 ****
        while (var)  {
                val = strchr(var, '=');
                val_list[n] = var;
                len_list[n] = php_url_decode(var, strlen(var));
                n++;
                if (val) { /* have a value */
-                       *val++ = '\0';
                        val_list[n] = val;
                        len_list[n] = php_url_decode(val, strlen(val));
                } else {
--- 1032,1042 ----
        while (var)  {
                val = strchr(var, '=');
                val_list[n] = var;
+               if (val)
+                       *val++ = '\0';
                len_list[n] = php_url_decode(var, strlen(var));
                n++;
                if (val) { /* have a value */
                        val_list[n] = val;
                        len_list[n] = php_url_decode(val, strlen(val));
                } else {
============================================================


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-10-25 15:12 UTC] sniper@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Feb 17 10:01:25 2020 UTC