php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68845 Logical operator interpreted inside unquoted strings
Submitted: 2015-01-16 13:41 UTC Modified: 2015-01-16 19:28 UTC
From: vincent dot raman at macq dot eu Assigned:
Status: Not a bug Package: Unknown/Other Function
PHP Version: 5.6.4 OS: Opensuse 13.2
Private report: No CVE-ID: None
 [2015-01-16 13:41 UTC] vincent dot raman at macq dot eu
Description:
------------
---
From manual page: http://www.php.net/function.parse-ini-file
---

parse_ini_file and parse_ini_string try to interpret loogical operator inside not quoted strings.

If we have keys equal to unquoted strings with '|', '&', '^', or '!' inside, everything will be interpreted as numbers even if it was simple strings. 

Furthermore, if the string starts with a "dual" operator like '|', '&' or '^', php will say there is a syntax error. Same if we use '!' in the middle of a string.

That is with ZEND_INI_SCANNER_NORMAL.

With ZEND_INI_SCANNER_RAW, we don't have the problem, but we have ini files from Zend framework 1 where we have

test = ^foo "bar"

It was translated as '^foo bar'. With ZEND_INI_SCANNER_RAW, it becomes '^foo "bar"'. Which is not what we had with php5.4.

Test script:
---------------
var_dump(parse_ini_string('test = foo & bar'));
var_dump(parse_ini_string('test = &foo'));

var_dump(parse_ini_string('test = foo | bar'));
var_dump(parse_ini_string('test = |foo'));

var_dump(parse_ini_string('test = foo ^ bar'));
var_dump(parse_ini_string('test = ^foo'));

var_dump(parse_ini_string('test = foo ! bar'));
var_dump(parse_ini_string('test = !foo'));

Expected result:
----------------
If the text does not represent numbers, don't try to apply the operator.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-01-16 19:28 UTC] aharvey@php.net
-Status: Open +Status: Not a bug
 [2015-01-16 19:28 UTC] aharvey@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

I think it's extremely unlikely we'd try to be more selective about this: this is long standing PHP INI parsing behaviour.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 17:01:29 2024 UTC