php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32127 is_numeric() not binary safe
Submitted: 2005-02-27 12:58 UTC Modified: 2005-04-14 09:44 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: M dot Kooiman at MAP-IS dot nl Assigned: derick (profile)
Status: Closed Package: Variables related
PHP Version: 4CVS, 5CVS (2005-02-27) OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: M dot Kooiman at MAP-IS dot nl
New email:
PHP Version: OS:

 

 [2005-02-27 12:58 UTC] M dot Kooiman at MAP-IS dot nl
Description:
------------
Hi,

It seems is_numeric() isn't binary safe. Which, in itself isn't a big problem, but it becomes a problem when is_numeric () is used as input (GET/POST) validation. 





Reproduce code:
---------------
<?php

/*
 * I'm fully aware you should first sanitize the data before outputting. The following code
 * is just an example pointing out the problem. Also consider situations where
 * the result is trusted because of is_numeric() and then used in SQL queries.
 */

/* call this like: file.php?whatever=123%00<script>alert(document.cookie);</script>
*/

if (is_numeric($_GET['whatever']))
{
    echo "Whatever: {$_GET['whatever']}<br>";
} else{
    echo 'The string isn't numeric.';
}

?>


Expected result:
----------------
is_numeric() should fail the string because it contains extra arbitrary data.


Actual result:
--------------
is_numeric() will validate a string that has a number + null char + arbitrary data as a valid number.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-04-05 10:18 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

I can't reproduce it with latest snapshots.
 [2005-04-13 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-04-14 09:44 UTC] M dot Kooiman at MAP-IS dot nl
Hello Tony,

I just tried with the most recent version that's available on my machine Ubuntu Hoary Hedgehog: PHP 4.3.10(-10ubuntu4) and it seems that it's fixed in that aswell, so I'm sure PHP5 is ok.

Mathieu
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sun Sep 27 01:01:24 2020 UTC