Bug #81460 Bad validation of input parameters of report.php
Submitted: 2021-09-19 22:51 UTC Modified: 2022-05-27 19:01 UTC
From: ddpm at liscovius dot de Assigned: aaronjunker (profile)
Status: Closed Package: Website problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2021-09-19 22:51 UTC] ddpm at liscovius dot de
Description:
------------
Just trying if a bug appears also on live system.
Triggered it on my dev environment.

Test script:
---------------
will do github PR if verified.


 [2021-09-19 22:55 UTC] ddpm at liscovius dot de
Seems ok here. I used PHP8.1RC2 on my dev box.

I assume bugs.php.net uses an older version or suppresses errors.
 [2021-09-20 07:59 UTC] cmb@php.net
> I assume bugs.php.net uses an older version or suppresses
> errors.

Likely both.

> will do github PR if verified.

Would be welcome anyway.
 [2021-09-23 12:41 UTC] nikic@php.net
-Status: Open
+Status: Not a bug
 [2021-09-23 12:41 UTC] nikic@php.net
Assuming this is no longer needed...
 [2021-09-24 16:36 UTC] ddpm at liscovius dot de
You might change the title to 'better validation of input parameters of report.php' or something like that.

I got the full path with PHP8 when I changed in[passwd] to in[passwd][ooops] in the report.php form as POST parameter in[passwd].

Better add is_string() or a similar check before passing to hash_hmac().

Fatal error: Uncaught TypeError: hash_hmac(): Argument #2 ($data) must be of type string, array given in /var/www/html/bugs/include/functions.php:1692 Stack trace: #0 /var/www/html/bugs/include/functions.php(1692): hash_hmac() #1 /var/www/html/bugs/www/report.php(224): bugs_get_hash() #2 {main} thrown in /var/www/html/bugs/include/functions.php on line 1692

Also spits 'Warning: Undefined array key "package_name" in /var/www/html/bugs/www/report.php on line 70' when I submit form without selecting a package_name on local dev engine with PHP8.0.10
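
The check suggested in the comment above, as an added example that is not part of the original thread or of the php/web-bugs code: a request field is confirmed to be a string before it reaches hash_hmac(), and an optional field is read without triggering the undefined-key warning. The helper name request_string(), the sha256 algorithm, the demo key and the error messages are assumptions; the sample input is constructed.

```php
<?php
// Hypothetical helper (not from php/web-bugs): returns the field only if it
// is a string of reasonable length, otherwise null.
function request_string(array $source, string $key, int $maxLen = 1024): ?string
{
    $value = $source[$key] ?? null;   // missing key: no "Undefined array key" warning
    if (!is_string($value) || strlen($value) > $maxLen) {
        return null;                  // arrays such as in[passwd][ooops]=x end up here
    }
    return $value;
}

// Constructed sample input: what PHP builds from the POST body
// "in[passwd][ooops]=x" with no package_name selected.
$in = ['passwd' => ['ooops' => 'x']];

const DEMO_KEY = 'constructed-demo-key';   // placeholder secret for this example

// Before: the array reaches hash_hmac() and PHP 8 throws a TypeError.
// Left uncaught with display_errors enabled, the message and stack trace
// (including server file paths) are sent to the client.
try {
    hash_hmac('sha256', $in['passwd'], DEMO_KEY);
} catch (TypeError $e) {
    echo 'unvalidated input raised: ', get_class($e), "\n";
}

// After: validate first and answer with a generic form error instead.
$errors = [];

$passwd = request_string($in, 'passwd');
if ($passwd === null) {
    $errors[] = 'Invalid password field.';
} else {
    $hash = hash_hmac('sha256', $passwd, DEMO_KEY);
}

$package = request_string($in, 'package_name');
if ($package === null) {
    $errors[] = 'Please select a package.';
}

print_r($errors);   // both fields are rejected for the constructed input
```

Independently of input validation, keeping display_errors off and logging errors server-side on production hosts prevents any remaining uncaught exception from exposing file paths.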
 [2021-09-24 16:49 UTC] cmb@php.net
-Summary: just a live bug test
+Summary: Bad validation of input parameters of report.php
-Status: Not a bug
+Status: Re-Opened
 [2021-09-24 16:49 UTC] cmb@php.net
Thank you for the clarification!  A PR would be welcome.
 [2021-09-24 17:44 UTC] ddpm at liscovius dot de
I **quickly** made some edits:

https://github.com/php/web-bugs/pull/103

and 

https://github.com/php/web-bugs/pull/104

Please test/review.
 [2022-05-27 19:01 UTC] aaronjunker@php.net
-Status: Re-Opened
+Status: Closed
-Assigned To:
+Assigned To: aaronjunker
 [2022-05-27 19:01 UTC] aaronjunker@php.net
The fix for this bug has been committed. Since the websites are not directly
updated from the repository, the fix might need some time to spread
across the globe to all mirror sites, including PHP.net itself.

Thank you for the report, and for helping us make PHP.net better.

Last updated: Sun Oct 02 22:05:53 2022 UTC