php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #22773 posted form variables mixed
Submitted: 2003-03-18 15:36 UTC Modified: 2003-03-28 11:55 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: joe at mcknight dot de Assigned:
Status: Closed Package: CGI/CLI related
PHP Version: 4.3.2-RC OS: Linux
Private report: No CVE-ID: None
View Developer Edit
 [2003-03-18 15:36 UTC] joe at mcknight dot de 
With these pages:

test.php:
--------------------
<html>
<body>
<form method="post" action="out.php">
<p>
  <input type="text" name="suchstr" size="20">
  <input type="submit" value="OK" name="B1">
</p>
</form>
</table>

</body>
</html>


out.php:
-----------
<?
echo "Variable \"suchstr\": $suchstr";
echo "<br>";
echo "Variable \"B1\": $B1";
?>

I get (clicking on the button):

Variable "suchstr": abc&B1=OK
Variable "B1": OK

That means that "suchstr" got mixed with the name and value of Variable B1!

Feel free to ask for more information or tell me what I'm doing wrong  :-)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-03-24 17:51 UTC] sniper@php.net 
I just tested again this, and could finally reproduce this.
(had an old cgi binary which read wrong php.ini, stupid me..)

Summary of conditions:

- only happens with the regular posts (ie. when rfc1867.c is used, it works fine, or GET method)

- register_globals has to be 'On'

- The posted value has to be longer than one (1) character

- Only the global variable gets mangled, $_POST[] array has the correct value
 [2003-03-24 18:06 UTC] sniper@php.net 
making critical (should really be fixed before 4.3.2 goes gold..)
 [2003-03-24 18:12 UTC] rasmus@php.net 
How are you triggering the cgi?  ie. what does your Apache config look like?
 [2003-03-24 18:17 UTC] sniper@php.net 
It doesn't matter. I tried two different ways, both failed.
For example (otherwise default httpd.conf):

    AddType application/x-httpd-php .php
    ScriptAlias /php/ "/www/apache/cgi-bin/"
    Action application/x-httpd-php /php/php-cgi
 [2003-03-24 18:33 UTC] rasmus@php.net 
That means a command-line test case in tests/basic should fail as well.
 [2003-03-25 05:52 UTC] moriyoshi@php.net 
Related to bug #22612
 [2003-03-27 12:16 UTC] iliaa@php.net 
This problem is a rather interesting one, it appears that in CGI the entire POST data makes into the enviroment. You can see this by adding a printf() to _php_import_environment_variables() function. The last element will contain the entire POST string. If that string contains a '=', then data before the '=' becomes the key (variable name) and the rest the variable content. Meaning that by the time the POST variables are registered $suchstr already has a value.
One way to fix this is to prevent duplicate variable registration by breaking on the 1st invalid entry from the enviroment inside _php_import_environment_variables(), which happens to be the script name, which is followed by either the POST data or random garbage.
Here is the relavent patch: http://bb.prohost.org/22773.txt
 [2003-03-28 11:55 UTC] moriyoshi@php.net 
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.
 [2003-06-28 14:11 UTC] jcarver at mit dot edu 
It looks like I'm getting the same error, but in slightly different conditions.

I'm on PHP 4.2.2 and have register globals off.  I get exactly the same error:
When I submit the value "bar", and I print_r  the  _POST, I expect to get the output:
  Array ( [foo] => bar ) 
but instead I get:
  Array ( [foo] => barfoo=bar ) 

I just thought it was important to note that it also happens with these conditions:
- register_globals can be 'Off'

- The $_POST[] array is mangled too

- $_GET is unaffected
 [2003-07-09 15:58 UTC] roarke dot gaskill at cornerstone dot net 
I am seeing the exact same problem as jcarver described.  I don't see this problem when I am using Mozilla 1.1 but I see this problem with both IE 5 and 6.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Dec 26 23:01:28 2024 UTC