Edit report at http://bugs.php.net/bug.php?id=53767&edit=1
ID: 53767
Updated by: ras...@php.net
Reported by: bjorn dot brandewall at gmail dot com
Summary: $_GET variable not created if query string contains
%00
-Status: Open
+Status: Bogus
Type: Bug
Package: Apache related
Operating System: gentoo-r4 #3
PHP Version: 5.3.5
Block user comment: N
Private report: N
New Comment:
Unable to reproduce. Probably running some non-standard PHP code that
is doing
this.
Previous Comments:
------------------------------------------------------------------------
[2011-01-17 14:45:00] bjorn dot brandewall at gmail dot com
Description:
------------
(I'm using PHP Version 5.3.4, but that one wasn't in the list...)
Consider the following query string:
/test.php?A=1&B=hello%00&C=3
This will generate the $_GET (and $_REQUEST) array:
(
'A'=>1,
'C'=>3
)
As you can see, B isn't included above. That's because the string
contains '%00'. This looks like a bug to me.
Sure, NULL characters are not common, but they should be valid,
shouldn't they? In this case I produced the string ending with '%00' by
running urlencode() on an mcrypt():ed string.
"%95do%AFZF%ED%F6%C3%22%25%FC%00", if you're interested.
Test script:
---------------
n/a
Expected result:
----------------
$_GET and $_REQUEST should look like this (replace 'NULL' with actual
NULL character):
array(
'A'=>1,
'B'=>'HelloNULL',
'C'=>3
)
Actual result:
--------------
$_GET and $_REQUEST look like this:
array(
'A'=>1,
'C'=>3
)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=53767&edit=1
