php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #22773 posted form variables mixed
Submitted: 2003-03-18 15:36 UTC Modified: 2003-03-28 11:55 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: joe at mcknight dot de Assigned:
Status: Closed Package: CGI/CLI related
PHP Version: 4.3.2-RC OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: joe at mcknight dot de
New email:
PHP Version: OS:

 

 [2003-03-18 15:36 UTC] joe at mcknight dot de
With these pages:

test.php:
--------------------
<html>
<body>
<form method="post" action="out.php">
<p>
  <input type="text" name="suchstr" size="20">
  <input type="submit" value="OK" name="B1">
</p>
</form>
</table>

</body>
</html>


out.php:
-----------
<?
echo "Variable \"suchstr\": $suchstr";
echo "<br>";
echo "Variable \"B1\": $B1";
?>

I get (clicking on the button):

Variable "suchstr": abc&B1=OK
Variable "B1": OK

That means that "suchstr" got mixed with the name and value of Variable B1!

Feel free to ask for more information or tell me what I'm doing wrong  :-)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-03-24 17:51 UTC] sniper@php.net
I just tested again this, and could finally reproduce this.
(had an old cgi binary which read wrong php.ini, stupid me..)

Summary of conditions:

- only happens with the regular posts (ie. when rfc1867.c is used, it works fine, or GET method)

- register_globals has to be 'On'

- The posted value has to be longer than one (1) character

- Only the global variable gets mangled, $_POST[] array has the correct value

 [2003-03-24 18:06 UTC] sniper@php.net
making critical (should really be fixed before 4.3.2 goes gold..)

 [2003-03-24 18:12 UTC] rasmus@php.net
How are you triggering the cgi?  ie. what does your Apache config look like?
 [2003-03-24 18:17 UTC] sniper@php.net
It doesn't matter. I tried two different ways, both failed.
For example (otherwise default httpd.conf):

    AddType application/x-httpd-php .php
    ScriptAlias /php/ "/www/apache/cgi-bin/"
    Action application/x-httpd-php /php/php-cgi

 [2003-03-24 18:33 UTC] rasmus@php.net
That means a command-line test case in tests/basic should fail as well.
 [2003-03-25 05:52 UTC] moriyoshi@php.net
Related to bug #22612

 [2003-03-27 12:16 UTC] iliaa@php.net
This problem is a rather interesting one, it appears that in CGI the entire POST data makes into the enviroment. You can see this by adding a printf() to _php_import_environment_variables() function. The last element will contain the entire POST string. If that string contains a '=', then data before the '=' becomes the key (variable name) and the rest the variable content. Meaning that by the time the POST variables are registered $suchstr already has a value.
One way to fix this is to prevent duplicate variable registration by breaking on the 1st invalid entry from the enviroment inside _php_import_environment_variables(), which happens to be the script name, which is followed by either the POST data or random garbage.
Here is the relavent patch: http://bb.prohost.org/22773.txt
 [2003-03-28 11:55 UTC] moriyoshi@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 [2003-06-28 14:11 UTC] jcarver at mit dot edu
It looks like I'm getting the same error, but in slightly different conditions.

I'm on PHP 4.2.2 and have register globals off.  I get exactly the same error:
When I submit the value "bar", and I print_r  the  _POST, I expect to get the output:
  Array ( [foo] => bar ) 
but instead I get:
  Array ( [foo] => barfoo=bar ) 

I just thought it was important to note that it also happens with these conditions:
- register_globals can be 'Off'

- The $_POST[] array is mangled too

- $_GET is unaffected
 [2003-07-09 15:58 UTC] roarke dot gaskill at cornerstone dot net
I am seeing the exact same problem as jcarver described.  I don't see this problem when I am using Mozilla 1.1 but I see this problem with both IE 5 and 6.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Nov 30 11:01:22 2020 UTC