|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #61035 Null byte truncates $_GET variables
Submitted: 2012-02-10 04:10 UTC Modified: 2015-04-15 22:30 UTC
From: halomarkguy at gmail dot com Assigned: cmb (profile)
Status: Not a bug Package: Apache2 related
PHP Version: 5.3SVN-2012-02-10 (SVN) OS: linux (debian squeeze)
Private report: No CVE-ID: None
 [2012-02-10 04:10 UTC] halomarkguy at gmail dot com
I was working with some serialization and I found that if there's a null byte in 
the $_GET variable the variable and the string disappear.

I'm not sure why a serialized object is using a null byte for private or protected 
members in the first place, as null bytes are used for termination.

Test script:
on the server:


Expected result:
If we send a request:

GET /bla.php?

reply: 'array (\n'
array (
  'rest_data' => 'O:14:"LoadsCacheFile":11:{s:12:"',


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-04-15 22:30 UTC]
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2015-04-15 22:30 UTC]
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

If you pass arbitrary data as GET parameter, you have to
urlencode() them anyway.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Jul 23 19:01:29 2024 UTC