|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65636 Stream path cannot contail null char (chr(0))
Submitted: 2013-09-08 23:02 UTC Modified: 2015-09-09 14:20 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: bilge at scriptfusion dot com Assigned: cmb (profile)
Status: Not a bug Package: Streams related
PHP Version: 5.5.3 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: bilge at scriptfusion dot com
New email:
PHP Version: OS:


 [2013-09-08 23:02 UTC] bilge at scriptfusion dot com
Stream path can contain any character, whether URL encoded or not, except for the null character. Including a null character in the path raises the following error:

file_get_contents() expects parameter 1 to be a valid path, string given

Both the use case and test suite to support the claims above can be found at

The use case is a custom stream wrapper that takes the path and converts it into a read-only data stream. The current workaround is to urlencode any path that contains nulls. However, this approach provides little benefit over the data wrapper. Being able to include nulls directly in the path would eliminate unnecessary url encoding and decoding in the custom wrapper implementation.

Test script:



Expected result:
No error.

Actual result:
file_get_contents() expects parameter 1 to be a valid path, string given


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2013-09-19 12:25 UTC] bixuehujin at gmail dot com
AFAIK, it is not possible to contain null character in a filename path, this is not because of PHP but the OS.

At the OS level, it seems no way to handle a file contains null characters.
 [2015-09-09 14:20 UTC]
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2015-09-09 14:20 UTC]
Disallowing null bytes in paths is not a bug, but a deliberate
design decision for security reasons. While PHP can handle strings
which contain null bytes well, most underlying C libraries can't,
because NUL is the customary string delimiter in C. To avoid any
troubles, PHP rejects null bytes in paths in the first place.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Feb 21 07:01:34 2024 UTC