|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2005-04-05 10:18 UTC] tony2001@php.net
[2005-04-13 01:00 UTC] php-bugs at lists dot php dot net
[2005-04-14 09:44 UTC] M dot Kooiman at MAP-IS dot nl
|
|||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Apr 20 05:01:27 2024 UTC |
Description: ------------ Hi, It seems is_numeric() isn't binary safe. Which, in itself isn't a big problem, but it becomes a problem when is_numeric () is used as input (GET/POST) validation. Reproduce code: --------------- <?php /* * I'm fully aware you should first sanitize the data before outputting. The following code * is just an example pointing out the problem. Also consider situations where * the result is trusted because of is_numeric() and then used in SQL queries. */ /* call this like: file.php?whatever=123%00<script>alert(document.cookie);</script> */ if (is_numeric($_GET['whatever'])) { echo "Whatever: {$_GET['whatever']}<br>"; } else{ echo 'The string isn't numeric.'; } ?> Expected result: ---------------- is_numeric() should fail the string because it contains extra arbitrary data. Actual result: -------------- is_numeric() will validate a string that has a number + null char + arbitrary data as a valid number.