PHP :: Bug #22773 :: posted form variables mixed

Bug #22773

posted form variables mixed

Submitted:

2003-03-18 15:36 UTC

Modified:

2003-03-28 11:55 UTC

Votes:	3
Avg. Score:	5.0 ± 0.0
Reproduced:	3 of 3 (100.0%)
Same Version:	2 (66.7%)
Same OS:	2 (66.7%)

From:

joe at mcknight dot de

Assigned:

Status:

Closed

Package:

CGI/CLI related

PHP Version:

4.3.2-RC

OS:

Linux

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	joe at mcknight dot de
New email:
PHP Version:		OS:

New/Additional Comment:

[2003-03-18 15:36 UTC] joe at mcknight dot de

With these pages:

test.php:
--------------------
<html>
<body>
<form method="post" action="out.php">
<p>
  <input type="text" name="suchstr" size="20">
  <input type="submit" value="OK" name="B1">
</p>
</form>
</table>

</body>
</html>


out.php:
-----------
<?
echo "Variable \"suchstr\": $suchstr";
echo "<br>";
echo "Variable \"B1\": $B1";
?>

I get (clicking on the button):

Variable "suchstr": abc&B1=OK
Variable "B1": OK

That means that "suchstr" got mixed with the name and value of Variable B1!

Feel free to ask for more information or tell me what I'm doing wrong  :-)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-03-24 17:51 UTC] sniper@php.net

I just tested again this, and could finally reproduce this.
(had an old cgi binary which read wrong php.ini, stupid me..)

Summary of conditions:

- only happens with the regular posts (ie. when rfc1867.c is used, it works fine, or GET method)

- register_globals has to be 'On'

- The posted value has to be longer than one (1) character

- Only the global variable gets mangled, $_POST[] array has the correct value

[2003-03-24 18:06 UTC] sniper@php.net

making critical (should really be fixed before 4.3.2 goes gold..)

[2003-03-24 18:12 UTC] rasmus@php.net

How are you triggering the cgi?  ie. what does your Apache config look like?

[2003-03-24 18:17 UTC] sniper@php.net

It doesn't matter. I tried two different ways, both failed.
For example (otherwise default httpd.conf):

    AddType application/x-httpd-php .php
    ScriptAlias /php/ "/www/apache/cgi-bin/"
    Action application/x-httpd-php /php/php-cgi

[2003-03-24 18:33 UTC] rasmus@php.net

That means a command-line test case in tests/basic should fail as well.

[2003-03-25 05:52 UTC] moriyoshi@php.net

Related to bug #22612

[2003-03-27 12:16 UTC] iliaa@php.net

This problem is a rather interesting one, it appears that in CGI the entire POST data makes into the enviroment. You can see this by adding a printf() to _php_import_environment_variables() function. The last element will contain the entire POST string. If that string contains a '=', then data before the '=' becomes the key (variable name) and the rest the variable content. Meaning that by the time the POST variables are registered $suchstr already has a value.
One way to fix this is to prevent duplicate variable registration by breaking on the 1st invalid entry from the enviroment inside _php_import_environment_variables(), which happens to be the script name, which is followed by either the POST data or random garbage.
Here is the relavent patch: http://bb.prohost.org/22773.txt

[2003-03-28 11:55 UTC] moriyoshi@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

[2003-06-28 14:11 UTC] jcarver at mit dot edu

It looks like I'm getting the same error, but in slightly different conditions.

I'm on PHP 4.2.2 and have register globals off.  I get exactly the same error:
When I submit the value "bar", and I print_r  the  _POST, I expect to get the output:
  Array ( [foo] => bar ) 
but instead I get:
  Array ( [foo] => barfoo=bar ) 

I just thought it was important to note that it also happens with these conditions:
- register_globals can be 'Off'

- The $_POST[] array is mangled too

- $_GET is unaffected

[2003-07-09 15:58 UTC] roarke dot gaskill at cornerstone dot net

I am seeing the exact same problem as jcarver described.  I don't see this problem when I am using Mozilla 1.1 but I see this problem with both IE 5 and 6.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 09:01:27 2024 UTC