php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #32127 is_numeric() not binary safe
Submitted: 2005-02-27 12:58 UTC Modified: 2005-04-14 09:44 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: M dot Kooiman at MAP-IS dot nl Assigned: derick (profile)
Status: Closed Package: Variables related
PHP Version: 4CVS, 5CVS (2005-02-27) OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: M dot Kooiman at MAP-IS dot nl
New email:
PHP Version: OS:

 

 [2005-02-27 12:58 UTC] M dot Kooiman at MAP-IS dot nl 
Description:
------------
Hi,

It seems is_numeric() isn't binary safe. Which, in itself isn't a big problem, but it becomes a problem when is_numeric () is used as input (GET/POST) validation. 





Reproduce code:
---------------
<?php

/*
 * I'm fully aware you should first sanitize the data before outputting. The following code
 * is just an example pointing out the problem. Also consider situations where
 * the result is trusted because of is_numeric() and then used in SQL queries.
 */

/* call this like: file.php?whatever=123%00<script>alert(document.cookie);</script>
*/

if (is_numeric($_GET['whatever']))
{
    echo "Whatever: {$_GET['whatever']}<br>";
} else{
    echo 'The string isn't numeric.';
}

?>


Expected result:
----------------
is_numeric() should fail the string because it contains extra arbitrary data.


Actual result:
--------------
is_numeric() will validate a string that has a number + null char + arbitrary data as a valid number.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-04-05 10:18 UTC] tony2001@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

I can't reproduce it with latest snapshots.
 [2005-04-13 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-04-14 09:44 UTC] M dot Kooiman at MAP-IS dot nl 
Hello Tony,

I just tried with the most recent version that's available on my machine Ubuntu Hoary Hedgehog: PHP 4.3.10(-10ubuntu4) and it seems that it's fixed in that aswell, so I'm sure PHP5 is ok.

Mathieu
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved. 		Last updated: Wed Apr 08 03:01:24 2020 UTC