|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #9462 NULL bute eats rest of string
Submitted: 2001-02-26 09:17 UTC Modified: 2001-05-05 14:33 UTC
From: tharbad at kaotik dot org Assigned:
Status: Closed Package: Filesystem function related
PHP Version: 4.0.4pl1 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
37 + 45 = ?
Subscribe to this entry?

 [2001-02-26 09:17 UTC] tharbad at kaotik dot org
I'm not sure if this is a bug or feature, comments are apreciated.

include($string . ".php");
with "magic_quotes_gpc = On" (php.ini) calling test.php?string=test%00
result: Warning: Failed opening 'test\0.php' for inclusion
with "magic_quotes_gpc = Off", same request
result: Warning: Failed opening 'test' for inclusion


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-02-28 23:06 UTC]
just error reporting functions are not binary safe. although i do not see a reason to open a file containing a null char in the name - most OSes will get the part before the first null char. lets call it bug because current behav doesn't help enough to track the problem
 [2001-03-01 10:34 UTC] tharbad at kaotik dot org
On my system, with something like:
include($string . ".php");

I'm able to get, for example, /etc/passwd by adding a null byte to the end of $string, causing the include function to ignore the ".php" extension set on the include.

 [2001-05-05 14:33 UTC]
Andi says:
I don't understand why this is a bug. He should code better :) This is how
the OS works or am I missing something?

This is an OS thingy, so I'm closing this.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Jul 16 05:01:29 2024 UTC