php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65636 Stream path cannot contail null char (chr(0))
Submitted: 2013-09-08 23:02 UTC Modified: 2015-09-09 14:20 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: bilge at scriptfusion dot com Assigned: cmb (profile)
Status: Not a bug Package: Streams related
PHP Version: 5.5.3 OS: Linux
Private report: No CVE-ID: None
 [2013-09-08 23:02 UTC] bilge at scriptfusion dot com
Description:
------------
Stream path can contain any character, whether URL encoded or not, except for the null character. Including a null character in the path raises the following error:

file_get_contents() expects parameter 1 to be a valid path, string given

Both the use case and test suite to support the claims above can be found at https://github.com/Bilge/VerbatimStream/tree/eb185806f9bea3ee65b7d0f3e42dcd27a7b40614

The use case is a custom stream wrapper that takes the path and converts it into a read-only data stream. The current workaround is to urlencode any path that contains nulls. However, this approach provides little benefit over the data wrapper. Being able to include nulls directly in the path would eliminate unnecessary url encoding and decoding in the custom wrapper implementation.


Test script:
---------------
file_get_contents("\000");

//or

file_get_contents("verbatim://\000");

Expected result:
----------------
No error.

Actual result:
--------------
file_get_contents() expects parameter 1 to be a valid path, string given

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-09-19 12:25 UTC] bixuehujin at gmail dot com
AFAIK, it is not possible to contain null character in a filename path, this is not because of PHP but the OS.

At the OS level, it seems no way to handle a file contains null characters.
 [2015-09-09 14:20 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2015-09-09 14:20 UTC] cmb@php.net
Disallowing null bytes in paths is not a bug, but a deliberate
design decision for security reasons. While PHP can handle strings
which contain null bytes well, most underlying C libraries can't,
because NUL is the customary string delimiter in C. To avoid any
troubles, PHP rejects null bytes in paths in the first place.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Oct 19 02:01:27 2019 UTC