php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #62395 str_replace重写有误
Submitted: 2012-06-22 14:01 UTC Modified: 2012-06-23 09:33 UTC
From: 274611049 at qq dot com Assigned: laruence (profile)
Status: Closed Package: taint (PECL)
PHP Version: 5.3.14 OS: suse linux
Private report: No CVE-ID: None
View Developer Edit
 [2012-06-22 14:01 UTC] 274611049 at qq dot com 
Description:
------------
函数原型为:
string str_replace(mixed $search, mixed $replace, mixed $subject [, int &$count])

需要跟踪的参数为$subject 和 $replace 而不是$search 和 $replace

Test script:
---------------

<?php 
$a = "tainted string" . ".";
taint($a); //must use concat to make the string not a internal string(introduced in 5.4)

$b = str_replace("str", "btr", $a);
var_dump(is_tainted($b));

?>




Expected result:
----------------
bool(true)

Actual result:
--------------
bool(false)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-06-22 15:22 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: laruence
 [2012-06-22 16:27 UTC] laruence@php.net 
谢谢指出这个问题, 我会尽快修复.
 [2012-06-23 09:27 UTC] laruence@php.net 
Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=326308
Log: Fixed Bug #62395 (str_replace重写有误)
 [2012-06-23 09:33 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2012-06-23 09:33 UTC] laruence@php.net 
Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at 
http://www.php.net/downloads.php
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Dec 22 06:01:30 2024 UTC