php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #66976 parse_str does not explain how bad inputs are handled
Submitted: 2014-03-28 21:07 UTC Modified: 2017-01-28 17:02 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: jakub dot lopuszanski at nasza-klasa dot pl Assigned:
Status: Open Package: Strings related
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jakub dot lopuszanski at nasza-klasa dot pl
New email:
PHP Version: OS:

 

 [2014-03-28 21:07 UTC] jakub dot lopuszanski at nasza-klasa dot pl 
Description:
------------
---
From manual page: http://www.php.net/function.parse-str
---
The manual does not mention how invalid input (and what is considered as such) will be handled.
As this is probably the only method which can be used to manually parse DELETE or PUT body, I would expect people to use this function in low level code, where it is crucial to know what to expect.
Will it throw exception? Will it set $arr to null? Will it set it to false? Or empty array? Will it simply ignore invalid parts? Will it emit E_WARNING or E_ERROR? What if max_input_vars will be exceeded? What about wrong UTF-8 sequences? How about trailing &, or %?

Btw. why don't you provide $_DELETE and $_PUT arrays is a mystery to me.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-28 17:02 UTC] cmb@php.net
-Package: Documentation problem +Package: Strings related
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 01:01:30 2024 UTC