|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54703 When containing a null character, $_GET variable not set (properly)
Submitted: 2011-05-10 19:21 UTC Modified: 2011-05-11 11:15 UTC
From: php at tracking-celebs dot info Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 5.2.17 OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: php at tracking-celebs dot info
New email:
PHP Version: OS:


 [2011-05-10 19:21 UTC] php at tracking-celebs dot info
When a null character is present in the value of a variable in the request string (encoded as %00), said variable will either not be set in $_GET at all (linux) or be set improperly (null character is escaped; win32)

Test script:

if (isset($_GET['fb']))
 echo strlen($_GET['fb']);
 echo '<a href="?fb=foo%00bar">click me</a>';

Expected result:
After clicking the link:
    [fb] => foo´┐Żbar

Actual result:
After clicking the link:

- On a linux setup:
<a href="?fb=foo%00bar">click me</a>

- On a win32 setup:
    [fb] => foo\0bar


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-05-10 19:39 UTC]
-Status: Open +Status: Feedback
 [2011-05-10 19:39 UTC]
On Linux this is not true unless you have something specifically filtering these 
on you. Without ext/filter, suhosin or your own filter code, nulls go through 
fine. See:
And the source for the script:

And it shouldn't be any different on Windows.
 [2011-05-10 23:31 UTC] php at tracking-celebs dot info
-Status: Feedback +Status: Open
 [2011-05-10 23:31 UTC] php at tracking-celebs dot info
On that linux machine there is suhosin indeed, so it could be causing the problem. I just tried on another computer with a new vanilla php-5.2.17 and then got the same results as did on windows.

Would seem indeed to be caused by suhosin; however i just added suhosin on there and it still worked then as before, so there must be something else on that other computer...

Anyways, can't reproduce it with a vanilla php, so that's that. I got things mixed up, seems there's no bug here after all; Apologies.
 [2011-05-11 11:15 UTC]
-Status: Open +Status: Bogus
 [2011-05-11 11:15 UTC]
No bug. Closing.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Apr 21 11:01:27 2024 UTC