php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #20212 Content of form array variables will be cutted by the first 4 characters
Submitted: 2002-11-01 06:23 UTC Modified: 2002-11-01 06:28 UTC
From: chr at abelard dot de Assigned:
Status: Closed Package: HTTP related
PHP Version: 4.2.3 OS: SuSE Linux 8.0
Private report: No CVE-ID: None
 [2002-11-01 06:23 UTC] chr at abelard dot de
PHP 4.2.3 will cut the first 4 characters from content of form variables,
if they are array's.  This does not occur in PHP versions 4.1.1 and
4.1.2.
The following 2 files demonstrate the bug. First the HTML form:

++++++++++++++++ Begin ++++++++++++++++++++++++++++++++++
<html>
<head>
  <title>Demonstrate error in form handling by PHP 4.2.3</title>
</head>
<body bgcolor=white>
<form action="http://139.18.20.141/formError.php" method="post">
<!-- try the following URLs for "action" to see correctly working older systems:
  [PHP 4.1.1] http://www.abelard.info/formError.php
  [PHP 4.1.2] http://www.stura.uni-leipzig.de/sp/formError.php
-->
  <input type='checkbox' name='selectCourse[]' value='KURS_' checked="1">KURS_ <BR>
  <input type='checkbox' name='selectCourse[]' value='ABCD_KURS_0_1'>ABCD_KURS_0_1 <BR>
  <input type="submit" name="submit" value="Ok" >
</form>
</body>
</html>
--------------- End ------------------------------

Second, the processing PHP file:

+++++++++++++++++ Begin ++++++++++++++++++++++++++++++++++++
<html>
<head><title>POST-Array test</title></head>
<body>
<h1>POST-Array test</h1>
<p>
<?php
echo 'selectCourse[0]='.$_POST['selectCourse'][0]."<br>\n";
echo 'selectCourse[1]='.$_POST['selectCourse'][1];
?>
</p>
</body>
</html>
---------------- End --------------------------------

If submitted by only clicking the OK-button, this should output
   ...  
   selectCourse[0]=KURS_
   ...

but in fact it does this on older versions of PHP only.
PHP 4.2.3 does output instead:

   ...
   selectCourse[0]=_
   ...

loosing the first 4 characters from variable content.

Note:
This occurs _only_ on array-like variables as above, normal variables
were submitted correctly.

   ***
Now the usual system information:
You can obtain the full configuration by calling

   http://139.18.20.141/test.php

The configure line here again:

+++++++++++++++++++++++++ Begin ++++++++++++++++++++++++++
'./configure' '--prefix=/usr/share' '--datadir=/usr/share/php' '--bindir=/usr/bin' '--libdir=/usr/share' '--libdir=/usr/local/lib' '--includedir=/usr/include'  '--includedir=/usr/local/include' '--with-config-file-path=/etc'  '--with-exec-dir=/usr/lib/php/bin' '--disable-debug' '--enable-bcmath' '--enable-calendar'
 '--enable-ctype' '--enable-dbase' '--enable-discard-path' '--enable-exif'  '--enable-force-cgi-redirect' '--enable-ftp' '--enable-inline-optimization' '--enable-magic-quotes' '--enable-mbstr-enc-trans' '--enable-mbstring' '--enable-memory-limit'  '--enable-safe-mode' '--enable-shmop' '--enable-sigchild'   '--enable-sysvsem' '--enable-sysvshm' '--enable-trans-sid' '--enable-versioning' '--with-bz2' '--with-dom=/usr/local/include/libxml2' '--with-ftp' '--with-gettext'
'--with-imap=yes' '--with-jpeg-dir=/usr' '--with-mysql=/usr' '--with-png-dir=/usr' '--with-xml' '--with-zlib=yes' '--enable-xslt' '--with-xslt-sablot' '--with-mm'  '--with-apxs=/usr/sbin/apxs' '--with-pcre-regex' '--without-pgsql' '--with-imap-ssl'
----------------------- End -----------------------

I have compiled PHP by getting php-4.2.3.tar.bz2 from 
  http://de.php.net/get_download.php?df=php-4.2.3.tar.bz2
The md5 sum is OK.
For APACHE I used the source RPM included in SuSE 8.0, that means
version "1.3.23".
##

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-11-01 06:28 UTC] derick@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Fri Nov 15 12:01:34 2019 UTC