Bug #81460 Bad validation of input parameters of report.php
Submitted: 2021-09-19 22:51 UTC
Modified: 2021-09-24 16:49 UTC
From: ddpm at liscovius dot de
Assigned:
Status: Re-Opened
Package: Website problem
PHP Version: Irrelevant
OS:
Private report: No
CVE-ID: None
 [2021-09-19 22:51 UTC] ddpm at liscovius dot de
Description:
------------
Just trying if a bug appears also on live system.
Triggered it on my dev environment.

Test script:
---------------
will do github PR if verified.


 [2021-09-19 22:55 UTC] ddpm at liscovius dot de
Seems ok here. I used PHP8.1RC2 on my dev box.

I assume bugs.php.net uses an older version or suppresses errors.
 [2021-09-20 07:59 UTC] cmb@php.net
> I assume bugs.php.net uses an older version or suppresses
> errors.

Likely both.

> will do github PR if verified.

Would be welcome anyway.
 [2021-09-23 12:41 UTC] nikic@php.net
-Status: Open +Status: Not a bug
 [2021-09-23 12:41 UTC] nikic@php.net
Assuming this is no longer needed...
 [2021-09-24 16:36 UTC] ddpm at liscovius dot de
You might change the title to 'better validation of input parameters of report.php' or something like that.

I got full path with PHP8 when I change the in[passwd] to in[passwd][ooops] in the report.php form as POST parameter in[passwd]

Better add is_string() or similar check before passing to hash_hmac().

Fatal error: Uncaught TypeError: hash_hmac(): Argument #2 ($data) must be of type string, array given in /var/www/html/bugs/include/functions.php:1692
Stack trace:
#0 /var/www/html/bugs/include/functions.php(1692): hash_hmac()
#1 /var/www/html/bugs/www/report.php(224): bugs_get_hash()
#2 {main}
  thrown in /var/www/html/bugs/include/functions.php on line 1692

Also spits 'Warning: Undefined array key "package_name" in /var/www/html/bugs/www/report.php on line 70' when I submit form without selecting a package_name on local dev engine with PHP8.0.10
 [2021-09-24 16:49 UTC] cmb@php.net
-Summary: just a live bug test +Summary: Bad validation of input parameters of report.php -Status: Not a bug +Status: Re-Opened
 [2021-09-24 16:49 UTC] cmb@php.net
Thank you for the clarification!  A PR would be welcome.
 [2021-09-24 17:44 UTC] ddpm at liscovius dot de
I **quickly** made some edits:

https://github.com/php/web-bugs/pull/103

and 

https://github.com/php/web-bugs/pull/104

Please test/review.
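
The type check suggested in the thread, sketched as an added example (not code from php/web-bugs or from the pull requests above). The helper names `read_string_field()`, `example_hash()` and `validate_report()`, the HMAC key and the sample inputs are all assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: return a request field only if it is a plain string.
// PHP turns in[passwd][ooops]=1 into a nested array, so the type must be
// checked before the value reaches a string-only function such as hash_hmac().
function read_string_field(array $in, string $key): ?string
{
    $value = $in[$key] ?? null;   // no "Undefined array key" warning when absent
    return is_string($value) ? $value : null;
}

// Hypothetical stand-in for the hashing step; the key is a constructed sample.
function example_hash(string $data): string
{
    return hash_hmac('sha256', $data, 'constructed-sample-key');
}

// Validate the posted form; returns a list of error messages (empty if OK).
function validate_report(array $in): array
{
    $errors = [];
    if (read_string_field($in, 'package_name') === null) {
        $errors[] = 'Please select a package.';
    }
    if (read_string_field($in, 'passwd') === null) {
        $errors[] = 'Password must be a plain text value.';
    }
    return $errors;
}

// Constructed sample inputs mirroring the cases described in the report.
$samples = [
    'well-formed'     => ['package_name' => 'Website problem', 'passwd' => 'secret'],
    'array passwd'    => ['package_name' => 'Website problem', 'passwd' => ['ooops' => '1']],
    'missing package' => ['passwd' => 'secret'],
];

foreach ($samples as $label => $in) {
    $errors = validate_report($in);
    if ($errors === []) {
        echo "$label: ok, hash=", example_hash($in['passwd']), "\n";
    } else {
        echo "$label: rejected (", implode(' ', $errors), ")\n";
    }
}
```

Rejecting the malformed field with a form error keeps the request from reaching the uncaught TypeError, so no server path ends up in the response regardless of the error display setting.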
 
Last updated: Mon Oct 18 23:03:34 2021 UTC