php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65550 get_browser() incorrectly parses entries with "+" sign
Submitted: 2013-08-25 15:27 UTC Modified: 2016-08-26 23:09 UTC
Votes:3
Avg. Score:3.3 ± 1.2
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: quentin389 at gmail dot com Assigned: cmb
Status: Closed Package: Unknown/Other Function
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID:
 [2013-08-25 15:27 UTC] quentin389 at gmail dot com
Description:
------------
get_browser() incorrectly handles entries from browscap.ini files when they have "+" sign in the pattern match. The "+" in the ini files is a LITERAL character, not a wildcard match. The only wildcard that browscap.ini source files use are "*" and "?".
The result of that is that none of the browscap.ini entries that have a match pattern with "+" ever match the browsers that they are supposed to match.

My suspicion is that if you'd change https://github.com/php/php-src/blob/master/ext/standard/browscap.c#L110 and add:

case '+':
  t[j++] = '\\';
  t[j] = '+';
  break;

everything would be fixed. But I haven't tested that.

Test script:
---------------
// browscap.ini entry:
// [Mozilla/5.0 (compatible; AhrefsBot/*; +http://ahrefs.com/robot/)]
// Parent="Search Engines"
// Browser="AhrefsBot"

echo "<pre>";
var_dump(get_browser('Mozilla/5.0 (compatible; AhrefsBot/4.0; +http://ahrefs.com/robot/)'));


Expected result:
----------------
object(stdClass)#2 (35) {
  (...)
  ["Browser"]=>
  string(9) "AhrefsBot"


Actual result:
--------------
object(stdClass)#1 (34) {
  (...)
  ["browser"]=>
  string(15) "Default Browser"


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-10-24 08:31 UTC] oliver at realtsp dot com
I can confirm this bug on php 5.4.14 using this browscap file:
http://tempdownloads.browserscap.com/stream.asp?PHP_BrowsCapINI

"Mozilla/5.0 (compatible; AhrefsBot/5.0; +http://ahrefs.com/robot/)"

is not recognised
 [2015-05-27 01:09 UTC] contact at willianveiga dot com
I cannot reproduce this on master (b73f87b). Maybe it was already fixed.
 [2016-08-26 22:58 UTC] cmb@php.net
-Summary: get_browser() incorrectly parsers entries with "+" sign. +Summary: get_browser() incorrectly parsers entries with "+" sign -Status: Open +Status: Analyzed -Assigned To: +Assigned To: cmb
 [2016-08-26 22:58 UTC] cmb@php.net
> The "+" in the ini files is a LITERAL character, not a wildcard
> match.

Indeed. Thanks!
 [2016-08-26 23:09 UTC] cmb@php.net
-Summary: get_browser() incorrectly parsers entries with "+" sign +Summary: get_browser() incorrectly parses entries with "+" sign
 [2016-08-26 23:34 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2139918ea6f5088e9ed5daa734568b4a50217f52
Log: Fix #65550: get_browser() incorrectly parsers entries with &quot;+&quot; sign
 [2016-08-26 23:34 UTC] cmb@php.net
-Status: Analyzed +Status: Closed
 [2016-10-17 10:09 UTC] bwoebi@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2139918ea6f5088e9ed5daa734568b4a50217f52
Log: Fix #65550: get_browser() incorrectly parsers entries with &quot;+&quot; sign
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC