PHP :: Bug #55842 :: Explode function sensitive to data!

Bug #55842

Explode function sensitive to data!

Submitted:

2011-10-04 11:38 UTC

Modified:

2015-04-12 20:16 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	0 of 1 (0.0%)

From:

lennart dot ohrstedt at diadoker dot se

Assigned:

cmb (profile)

Status:

Not a bug

Package:

Strings related

PHP Version:

5.3SVN-2011-10-04 (SVN)

OS:

Mac OS x 10.7.1,MAMP 1.9.6

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2011-10-04 11:38 UTC] lennart dot ohrstedt at diadoker dot se

Description:
------------
If I have a string containing "<?php" somewhere in the middle and I use explode 
to split the string. Then the output array will not have the part of the string 
prior to the "<?php", the output array will start at the character following the 
"<?php". Is this a bug or this is the way explode works?

Test script:
---------------
use URL www.diadoker.se/test/packa_upp.php. The input file, "test_new.php", to this is a previus "packed" php-file using "trim", and the output is to file  "test2.php".

Expected result:
----------------
I expected the result to be equal to the input but split according to the 
parameters in the explode function. 

Actual result:
--------------
When there is the characters "<?php" somewhere in the string, everything before 
these characters are lostand the first character in the output array is the 
character following the "<?php".

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-10-04 12:58 UTC] pajoye@php.net

-Status: Open +Status: Feedback

[2011-10-04 12:58 UTC] pajoye@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

[2011-10-04 13:49 UTC] lennart dot ohrstedt at diadoker dot se

<?php
    $fil_in = "test_new.php";
    $fil_out = "test2.php";
    if ( file_exists($fil_in) )
			{
				$file_in = fopen($fil_in,"r+");			
				$file_out = fopen($fil_out,"w+");
			}
    while(!feof($file_in))
  	    {
	        $line_in=fgets($file_in); 
	        $line_array=explode(">",$line_in);		
    	}
    	$j=count($line_array);
    	for ($i=0;$i<($j-1);$i++)
    		{
    			$line_out=$line_array[$i];
    			fwrite($file_out,$line_out.">"."\n"); 
    		}   
	fclose($file_in);
    fclose($file_out);										
?>

[2011-10-04 15:12 UTC] pajoye@php.net

What contain  "test_new.php" and "test2.php"? And what are the expected and actual 
results?

[2011-10-04 15:21 UTC] lennart dot ohrstedt at diadoker dot se

-Status: Feedback +Status: Open

[2011-10-04 15:21 UTC] lennart dot ohrstedt at diadoker dot se

Test_new.php contains this: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 
Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd."><!--
created by Lennart Öhrstedt, Diadoker--><html 
xmlns="http://www.w3.org/1999/xhtml" lang="sv" xml:lang="sv"><head><title>Min 
mall</title><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
1" /><meta name="description" content="" /><meta name="keywords" content="" />
<meta name="author" content="Lennart Öhrstedt" /><meta name="Copyright" 
content="Diadoker" /><meta name="Company" content="Diadoker" /><meta http-
equiv="Language" content="Sv" /><meta name="Robots" content="index,follow" />
<link rel="shortcut icon" href="images/alexander4.jpg" type="image/x-icon" />
<link rel="stylesheet" href="css/std.css" type="text/css" /><style 
type="text/css"></style><script type="text/javascript" src="js/mall.js"></script>
<script type="text/javascript" src="js/jquery1.6.2.min.js"></script><script 
type="text/javascript" language="JavaScript"></script></head><body onload="">
<script>$(document).ready(function(){resizeWindow();});</script><?php
function customError($errno, $errstr){echo "<b>Error:</b> [$errno] 
$errstr";}set_error_handler("customError");if ( file_exists("index.html") )
{$file_in = fopen("index.html","r+");$file_out = 
fopen("index_new.html","w+");}$keyframes=array();$typ=array("-moz-","-o-","-ms-
","");while(!feof($file_in)){$line_in=fgets($file_in); /* 
$line_in=ltrim(rtrim(fgets($file_in))); */fwrite($file_out,$line_in);if (! 
strstr($line_in,"@-webkit-")&& strstr($line_in,"-webkit-"))
{$line_out=str_replace("-webkit-","-moz-
",$line_in);fwrite($file_out,$line_out);$line_out=str_replace("-webkit-","-o-
",$line_in);fwrite($file_out,$line_out);$line_out=str_replace("-webkit-","-ms-
",$line_in);fwrite($file_out,$line_out);$line_out=str_replace("-webkit-
","",$line_in);fwrite($file_out,$line_out);}if (strstr($line_in,"@-webkit-"))
{$line_count=1;$i=0;$keyframes[$i]=$line_in; //spara rad nwhile ($line_count >0)
{$i++;$line_in=fgets($file_in); // läs rad n+1fwrite($file_out,$line_in); // 
skriv rad n+1$keyframes[$i]=$line_in; //spara rad n+1if (strstr($line_in,"
{"))$line_count++;if (strstr($line_in,"}"))$line_count--;}for ($j=0; $j<=3; $j++) 
// 4 rundor för -moz-, -o., -ms- och ""{for ($k=0; $k<=$i; $k++) //för att skriva 
det sparade för respektive webbläsare{$line_out=$keyframes[$k];if 
(strstr($keyframes[$k],"-webkit-"))$line_out=str_replace("-webkit-
",$typ[$j],$keyframes[$k]);fwrite($file_out,$line_out);}}}}fclose($file_in);fclos
e($file_out);/*    
rename("index.html","index_old.html");rename("index_new.html","index.html");	
*/?><div align="center"><hr width="90%" /><p>Nu skall det vara gjort</p><hr 
width="90%" /><table width="100%" border="0" cellpadding="0" cellspacing="0" 
summary="Copyright"><tr><td align="center"><span style='font-size:10.0pt;font-
family:Arial;color:#000000;'>Copyright &copy; 2011 Diadoker. All rights reserved.
</span><br /><a href="mailto:lennart.ohrstedt@diadoker.se" style="color: 
black">lennart.ohrstedt@diadoker.se</a><br /><a href="http://www.diadoker.se/" 
style="color: black" target="_new">www.diadoker.se</a></td></tr></table></div>
</body></html>
The file test2.php contain this :function customError($errno, $errstr){echo "<b>
Error:</b>
 [$errno] $errstr";}set_error_handler("customError");if ( 
file_exists("index.html") ){$file_in = fopen("index.html","r+");$file_out = 
fopen("index_new.html","w+");}$keyframes=array();$typ=array("-moz-","-o-","-ms-
","");while(!feof($file_in)){$line_in=fgets($file_in); /* 
$line_in=ltrim(rtrim(fgets($file_in))); */fwrite($file_out,$line_in);if (! 
strstr($line_in,"@-webkit-")&& strstr($line_in,"-webkit-"))
{$line_out=str_replace("-webkit-","-moz-
",$line_in);fwrite($file_out,$line_out);$line_out=str_replace("-webkit-","-o-
",$line_in);fwrite($file_out,$line_out);$line_out=str_replace("-webkit-","-ms-
",$line_in);fwrite($file_out,$line_out);$line_out=str_replace("-webkit-
","",$line_in);fwrite($file_out,$line_out);}if (strstr($line_in,"@-webkit-"))
{$line_count=1;$i=0;$keyframes[$i]=$line_in; //spara rad nwhile ($line_count >
0){$i++;$line_in=fgets($file_in); // läs rad n+1fwrite($file_out,$line_in); // 
skriv rad n+1$keyframes[$i]=$line_in; //spara rad n+1if (strstr($line_in,"
{"))$line_count++;if (strstr($line_in,"}"))$line_count--;}for ($j=0; $j<=3; $j++) 
// 4 rundor för -moz-, -o., -ms- och ""{for ($k=0; $k<=$i; $k++) //för att skriva 
det sparade för respektive webbläsare{$line_out=$keyframes[$k];if 
(strstr($keyframes[$k],"-webkit-"))$line_out=str_replace("-webkit-
",$typ[$j],$keyframes[$k]);fwrite($file_out,$line_out);}}}}fclose($file_in);fclos
e($file_out);/*    
rename("index.html","index_old.html");rename("index_new.html","index.html");	
*/?>
<div align="center">
<hr width="90%" />
<p>
Nu skall det vara gjort</p>
<hr width="90%" />
<table width="100%" border="0" cellpadding="0" cellspacing="0" 
summary="Copyright">
<tr>
<td align="center">
<span style='font-size:10.0pt;font-family:Arial;color:#000000;'>
Copyright &copy; 2011 Diadoker. All rights reserved.</span>
<br />
<a href="mailto:lennart.ohrstedt@diadoker.se" style="color: black">
lennart.ohrstedt@diadoker.se</a>
<br />
<a href="http://www.diadoker.se/" style="color: black" target="_new">
www.diadoker.se</a>
</td>
</tr>
</table>
</div>
</body>
</html>
The test2.php is the result of explode test_new.php.

[2011-10-04 15:29 UTC] lennart dot ohrstedt at diadoker dot se

The test_new is originally a html file with php.code inside, and have been 
trimmed by the trim function to get rid of the blanks.
The outcome is that test2.php should contain ALL the information in the 
test_new.php changed by the explode to have one html kommand per line.

[2012-03-21 19:54 UTC] php dot net at doppy dot nl

When one aligns the code posted on 2011-10-04 13:49 UTC properly, we get the 
following code:

----------------------------------------------
<?php
$fil_in = "test_new.php";
$fil_out = "test2.php";
if ( file_exists($fil_in)) {
        $file_in = fopen($fil_in,"r+");                        
        $file_out = fopen($fil_out,"w+");
}       
    
while(!feof($file_in)) {
        $line_in = fgets($file_in);
        $line_array = explode(">",$line_in);      
}       
        
        
$j=count($line_array);
for ($i=0; $i< ($j-1); $i++) {
        $line_out = $line_array[$i];
        fwrite($file_out, $line_out.">"."\n");
}       
fclose($file_in);
fclose($file_out);
----------------------------------------------

This shows clearly that only the last line of the source file will be written to 
the destination file.
I think this just happens to be near a "<?php" in the file.

Thus not a bug in PHP, but in the code supplied.



Recommendation:
Closing as "not a bug".



Sidenote:
Intended result can be achieved with:
file_put_contents('test2.php', str_replace(">", ">\n", 
file_get_contents('test_new.php'));

[2015-04-12 20:16 UTC] cmb@php.net

-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb

[2015-04-12 20:16 UTC] cmb@php.net

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 01:01:28 2024 UTC