php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44830 Very minor issue with backslash in heredoc
Submitted: 2008-04-25 11:21 UTC Modified: 2008-05-09 10:32 UTC
From: slattery at uk dot ibm dot com Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5.2.5 OS: windows
Private report: No CVE-ID:
 [2008-04-25 11:21 UTC] slattery at uk dot ibm dot com
Description:
------------
There is a very minor issue when a heredoc contains only a single
backslash.

The doc says heredoc behaves exactly as double quoted string - so in this one particular case of the single backslash - we have a case which cannot be produced in a double quoted string - so the behaviour is undefined.

The engine appears to treat is as a 'record separator', but I think
it would be better treated as a backslash.

Im quite happy for this to be closed as bogus - Its just that the code below is from a php test case - I dont suppose anyone will actually do this.

Reproduce code:
---------------
<?php
$heredoc_string_only_backslash =<<<EOT
\
EOT;

$str = $heredoc_string_only_backslash;
var_dump(bin2hex($str));

$str_addslashes = addslashes($str);
var_dump(bin2hex($str_addslashes));

$str_stripslashes = stripslashes($str_addslashes);
var_dump(bin2hex($str_stripslashes));
?>



Expected result:
----------------
On running the code  I get: 

string(2) "00"
string(4) "5c30"
string(2) "00"

which looks a little strange, I would have expected: 

string(2) "5c"
string(4) "5c5c"
string(2) "5c"



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-04-28 13:04 UTC] mattwil@php.net
Yeah, good catch. (And a backslash would actually always be lost at the end of a heredoc, even with other text before it.) Because of a check in the loop that scans for escape sequences, the \ becomes \0 (null byte).

For the devs: I removed the additional check for end of string. All that will happen with this reproduce code is variable "s" will be incremented past the end of the string at the end of the while () -- but I believe that's safe because it won't be read from afterwards.

Patches for all 3 branches:
http://realplain.com/php/bug44830.diff
http://realplain.com/php/bug44830_5_3.diff
http://realplain.com/php/bug44830_5_2.diff
 [2008-05-09 10:32 UTC] mattwil@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 21:01:56 2014 UTC