php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #29913 problem in pathinfo() et parse_url()
Submitted: 2004-08-31 14:32 UTC Modified: 2004-09-20 07:17 UTC
Votes:2
Avg. Score:3.0 ± 2.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: guth at fiifo dot u-psud dot fr Assigned:
Status: Closed Package: URL related
PHP Version: 5.0.1 OS: Linux (Mandrake 10)
Private report: No CVE-ID:
 [2004-08-31 14:32 UTC] guth at fiifo dot u-psud dot fr
Description:
------------
pathinfo() and parse_url() doesn't handle null characters

Reproduce code:
---------------
/* test 1*/
var_dump(pathinfo("file.p\x00hp"));

/* test 2 */
var_dump(pathinfo("fi\x00le.php"));

/* test 3 */
var_dump(parse_url("./file.php"));

/* test 4 */
var_dump(parse_url("./fi\x00le.php"));

Expected result:
----------------
(\0 means null character)

/* test 1 */

array(3) {
  ["dirname"]=>
  string(1) "."
  ["basename"]=>
  string(9) "file.p\0hp"
  ["extension"]=>
  string(4) "p\0hp"
}

/* test 2 */

array(3) {
  ["dirname"]=>
  string(1) "."
  ["basename"]=>
  string(9) "fi\0le.php"
  ["extension"]=>
  string(4) "php"
}

/* test 3 */

array(1) {
  ["path"]=>
  string(10) "./file.php"
}

/* test 4 */

array(1) {
  ["path"]=>
  string(10) "./fi\0le.php"
}

Actual result:
--------------
/* test 1 */

=> OK

/* test 2 */

array(3) {
  ["dirname"]=>
  string(1) "."
  ["basename"]=>
  string(9) "fi\0le.php"
}

Extension should be "php".

/* test 3 */

=> OK

/* test 4 */

array(1) {
  ["path"]=>
  string(10) "./fi"
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-09-20 07:17 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

parse_url() behaviour has been fixed in CVS.
pathinfo() function works as expected, the special control chars such as \0 are removed.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 05:03:19 2014 UTC