PHP :: Bug #77842 :: Input interpreted as hex

Bug #77842

Input interpreted as hex

Submitted:

2019-04-03 22:06 UTC

Modified:

2019-04-03 22:35 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

info at standa-david dot com

Assigned:

Status:

Not a bug

Package:

FPM related

PHP Version:

7.2.16

OS:

Debian 9.8

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2019-04-03 22:06 UTC] info at standa-david dot com

Description:
------------
Hi I am using latest version of PHP-FPM from and nginx
deb https://packages.sury.org/php/ stretch main

When my URL is for example
http://server.url/test.php?test=%00123456789

then the result is: 
Array ( [test] => 123456789 ) 

and not
Array ( [test] => %00123456789 ) 

PHP will interpret beginning of the string as a hex 0x00


Test script:
---------------
<?php
print_r($_GET);

?>

Expected result:
----------------
Array ( [test] => %00123456789 )

Actual result:
--------------
Array ( [test] => 123456789 )

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2019-04-03 22:35 UTC] requinix@php.net

-Status: Open +Status: Not a bug

[2019-04-03 22:35 UTC] requinix@php.net

Learn about query strings.

[2019-04-04 07:02 UTC] spam2 at rhsoft dot net

why do you think a unencoded % sign in your addressbar reaches the server?

php > echo urldecode('%00123456789');
123456789

--------------------

php > echo urlencode('%00123456789');
%2500123456789

php > echo urldecode('%2500123456789');
%00123456789

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 23:01:28 2024 UTC