Bug #56600 Input fields should set maximum length to prevent unexpected input truncation
Submitted: 2005-10-18 12:29 UTC Modified: 2006-12-24 14:33 UTC
From: Assigned: dbs
Status: Closed Package: PECL website (PECL)
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2005-10-18 12:29 UTC]
The input fields for the "New Package" form (peclweb/public_html/package-new.php) should set the maximum length of the field. In HTML::Form this is the fourth optional parameter for the HTML::Form->returnText() function.

Reproduce code:
Index: package-new.php
RCS file: /repository/peclweb/public_html/package-new.php,v
retrieving revision 1.24
diff -u -r1.24 package-new.php
--- package-new.php     9 Oct 2005 00:28:00 -0000       1.24
+++ package-new.php     18 Oct 2005 16:23:36 -0000
@@ -131,7 +131,7 @@
     $bb = new BorderBox("Register package", "100%", "", 2, true);
     $bb->horizHeadRow("Package Name", $form->returnText("name", get("name"), 20));
-    $bb->horizHeadRow("License", $form->returnText("license", get("license"), 20));
+    $bb->horizHeadRow("License", $form->returnText("license", get("license"), 20, 20));
     $cats = $form->returnSelect("category", $categories, get("category"), 1,
                                 "--Select Category--");
     $bb->horizHeadRow("Category", $cats);
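
Review bot: only the "license" call gets the fourth (maximum length) argument; the "name" field in the context line above it still calls returnText("name", get("name"), 20) with no maximum, so it stays exposed to the same silent truncation if its column is also narrower than what users type. The limit is also a bare literal 20 that has to be kept in step with the column width by hand; taking both values from one shared definition would stop the form and the schema drifting apart. Finally, maxlength only constrains what a browser will let the user type, so a request that does not come from this form can still carry a longer value. The code that handles the submission should check the length itself and return an error for over-long input rather than leaving the database to cut it.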

Expected result:
Typical user will be unable to enter > 20 chars in the License text field, preventing unexpected truncation of the input.  Setting the maxlength attribute of the text field will let users know how much text they have to work with.

Actual result:
I found this problem when I added the PDO_IDS package with the license "Apache License, Version 2.0", only to have the database silently truncate the input to "Apache License, Ver". The same bug bit me when I added the ibm_db2 license.


 [2005-10-18 17:45 UTC] denials at gmail dot com
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on

In case this was a website problem, the change will show
up on the website in short time.
Thank you for the report, and for helping us make PECL better.

The database column definition for license was altered to be a max of 50 chars. I have committed a change that implements a maxlength setting for most of the input fields on this page according to the database definitions.