|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75663 file_get_contents() fatal error by php:// wrapper
Submitted: 2017-12-10 16:44 UTC Modified: 2017-12-10 17:13 UTC
From: debukuk154 at gmail dot com Assigned:
Status: Not a bug Package: Filesystem function related
PHP Version: 7.0.26 OS: Ubuntu
Private report: No CVE-ID: None
 [2017-12-10 16:44 UTC] debukuk154 at gmail dot com
Test script:
When you trying to input like php:// wrapper, You can see it will error by php://filter/.
I don't know why it's occur an error. so i just report this bug now.

if it's input by user (i mean, file_get_contents() function), it can be connection by security vulnerability.
in case, user are trying input to php://filter/ like that, the user are can make exploit to vuln maliciously.

Test script:
session_start(); // start session
$_SESSION['auth'] = true; // set auth variable to true value
file_get_contents("php://filter/"); // file_get_contents is have php://filter/
$_SESSION['auth'] = false; // set auth variable to false value
session_start(); // start session
echo $_SESSION['auth']; // print auth variable

Expected result:
It will stop by force. because file_get_contents("php://filter/") are occur an error.

Actual result:
This is occur an error and it can be break the code.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-12-10 17:13 UTC]
-Status: Open +Status: Not a bug
 [2017-12-10 17:13 UTC]
And what do you expect PHP to do about it? You are the one who wrote incorrect and unsafe code. Don't do that.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Jul 31 13:01:25 2021 UTC