|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2009-09-24 08:43 UTC] jani@php.net
[2009-09-24 08:45 UTC] michkol at gmail dot com
[2009-10-02 01:00 UTC] php-bugs at lists dot php dot net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Fri May 10 16:01:32 2024 UTC |
Description: ------------ PHP responds to some invalid POST requests with an error message that includes the source code. Reproduce code: --------------- <?php $dblogin = 'admin'; $dbpass = 'secret'; mysql_connect('localhost', $dblogin, $dbpass); echo 'some output'; ?> $ telnet localhost 80 POST /test.php HTTP/1.0 Content-Length: -75000000 Expected result: ---------------- The code of a script should be never sent to clients. This is a severe security flaw. Apache/PHP should just send a 413 error, without the code, for example: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>413 Request Entity Too Large</title> </head><body> <h1>Request Entity Too Large</h1> The requested resource<br />/test.php<br /> does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit. </body></html> Actual result: -------------- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>413 Request Entity Too Large</title> </head><body> <h1>Request Entity Too Large</h1> The requested resource<br />/test.php<br /> does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit. </body></html> <?php $dblogin = 'admin'; $dbpass = 'secret'; mysql_connect('localhost', $dblogin, $dbpass); echo 'some output'; ?>