PHP :: Bug #9462 :: NULL bute eats rest of string

Bug #9462	NULL bute eats rest of string
Submitted:	2001-02-26 09:17 UTC	Modified:	2001-05-05 14:33 UTC
From:	tharbad at kaotik dot org	Assigned:
Status:	Closed	Package:	Filesystem function related
PHP Version:	4.0.4pl1	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2001-02-26 09:17 UTC] tharbad at kaotik dot org

I'm not sure if this is a bug or feature, comments are apreciated.

http://bugs.horde.org/show_bug.cgi?id=621

Example:
<quote>
include($string . ".php");
</quote>
with "magic_quotes_gpc = On" (php.ini) calling test.php?string=test%00
result: Warning: Failed opening 'test\0.php' for inclusion
with "magic_quotes_gpc = Off", same request
result: Warning: Failed opening 'test' for inclusion

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-02-28 23:06 UTC] bbonev@php.net

just error reporting functions are not binary safe. although i do not see a reason to open a file containing a null char in the name - most OSes will get the part before the first null char. lets call it bug because current behav doesn't help enough to track the problem

[2001-03-01 10:34 UTC] tharbad at kaotik dot org

On my system, with something like:
include($string . ".php");

I'm able to get, for example, /etc/passwd by adding a null byte to the end of $string, causing the include function to ignore the ".php" extension set on the include.

[2001-05-05 14:33 UTC] derick@php.net

Andi says:
I don't understand why this is a bug. He should code better :) This is how
the OS works or am I missing something?

This is an OS thingy, so I'm closing this.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Apr 25 19:01:29 2025 UTC