PHP :: Bug #54703 :: When containing a null character, $

Bug #54703	When containing a null character, $_GET variable not set (properly)
Submitted:	2011-05-10 19:21 UTC	Modified:	2011-05-11 11:15 UTC
From:	php at tracking-celebs dot info	Assigned:
Status:	Not a bug	Package:	*General Issues
PHP Version:	5.2.17	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

[2011-05-10 19:21 UTC] php at tracking-celebs dot info

Description:
------------
When a null character is present in the value of a variable in the request string (encoded as %00), said variable will either not be set in $_GET at all (linux) or be set improperly (null character is escaped; win32)


Test script:
---------------
<?php
print_r($_GET);

if (isset($_GET['fb']))
{
 echo strlen($_GET['fb']);
}
else
{
 echo '<a href="?fb=foo%00bar">click me</a>';
}


Expected result:
----------------
After clicking the link:
Array
(
    [fb] => foo�bar
)
7


Actual result:
--------------
After clicking the link:

- On a linux setup:
Array
(
)
<a href="?fb=foo%00bar">click me</a>

- On a win32 setup:
Array
(
    [fb] => foo\0bar
)
8

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-05-10 19:39 UTC] rasmus@php.net

-Status: Open +Status: Feedback

[2011-05-10 19:39 UTC] rasmus@php.net

On Linux this is not true unless you have something specifically filtering these 
on you. Without ext/filter, suhosin or your own filter code, nulls go through 
fine. See: http://progphp.com/null.php?fb=foo%00bar
And the source for the script: http://progphp.com/null.phps

And it shouldn't be any different on Windows.

[2011-05-10 23:31 UTC] php at tracking-celebs dot info

-Status: Feedback +Status: Open

[2011-05-10 23:31 UTC] php at tracking-celebs dot info

On that linux machine there is suhosin indeed, so it could be causing the problem. I just tried on another computer with a new vanilla php-5.2.17 and then got the same results as did on windows.

Would seem indeed to be caused by suhosin; however i just added suhosin on there and it still worked then as before, so there must be something else on that other computer...

Anyways, can't reproduce it with a vanilla php, so that's that. I got things mixed up, seems there's no bug here after all; Apologies.

[2011-05-11 11:15 UTC] johannes@php.net

-Status: Open +Status: Bogus

[2011-05-11 11:15 UTC] johannes@php.net

No bug. Closing.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Nov 05 14:00:01 2025 UTC