|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #79875 getenv() can't get the right binary string passed by putenv()
Submitted: 2020-07-18 17:02 UTC Modified: 2020-07-18 20:13 UTC
Avg. Score:3.0 ± 1.0
Reproduced:1 of 2 (50.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: paulbalandan at gmail dot com Assigned:
Status: Verified Package: *General Issues
PHP Version: 7.4.8 OS: Windows 10
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2020-07-18 17:02 UTC] paulbalandan at gmail dot com
In Windows when posting binary string to the environment via putenv and then getting it back via getenv, the results are different.

Test script:

$bin = hex2bin('f699c7fd18a8e082d0228932f3acd40e1ef5ef92efcedda32842a211d62f0aa6');


$bin2 = getenv('key', true);

var_dump(bin2hex($bin) === bin2hex($bin2));

Expected result:

Actual result:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2020-07-18 20:13 UTC]
-Status: Open +Status: Verified -Type: Bug +Type: Documentation Problem
 [2020-07-18 20:13 UTC]
As of PHP 7.1.0, PHP on Windows has transparent support for
Unicode file paths[1], and that also applies to environment
variables (the values and the keys).  Since environment variables
are usually character strings (and not general binary strings),
this increases interoperability overall.  I would suggest not to
store arbitrary binary strings as values of environment variables,
but as character strings instead (e.g. in this case you could
store the hexadecimal string in the first place, and hex2bin() it
after retrieval).  If you absolutely need to store such binary
strings in environment variables, you should convert them first to
Unicode (i.e. UTF-8, because UTF-16 and UTF-32 code pages are only
available to managed applications[2], and UTF-7 is … to be
avoided), e.g.

    $bin = sapi_windows_cp_conv(
        65001, // UTF-8 codepage
    $bin2 = getenv('key', true);
    var_dump(bin2hex($bin) === bin2hex($bin2));

So this is expected, but currently undocumented behavior.

[1] <>
[2] <>
 [2020-07-19 12:41 UTC] paulbalandan at gmail dot com
Thank you for that excellent explanation.

One interesting note to add is that once you did that, the binary string is now converted to UTF-8 and cannot be blindly compared against the raw binary string. You need to convert it back to ANSI codepage (1252).

$bin = hex2bin('f699c7fd18a8e082d0228932f3acd40e1ef5ef92efcedda32842a211d62f0aa6');
$bin1 = sapi_windows_cp_conv(1252, 65001, $bin); // converted to UTF-8
$bin2 = getenv('key', true);
$bin3 = sapi_windows_cp_conv(65001, 1252, $bin2); // converted back to ANSI

var_dump(bin2hex($bin1) === bin2hex($bin2)); // bool(true)
var_dump(bin2hex($bin) === bin2hex($bin2)); // bool(false)
var_dump(bin2hex($bin) === bin2hex($bin3)); // bool(true)

And yes, this definitely needs to be documented.
 [2023-01-04 06:53 UTC] a dot minari242 at gmail dot com
That was sso amaz9ng. 

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Feb 28 00:01:32 2024 UTC