From:             
Operating system: N/A
PHP version:      trunk-SVN-2012-01-07 (SVN)
Package:          CGI/CLI related
Bug Type:         Bug
Bug description:CGI doesn't properly validate shebang line contains #!

Description:
------------
When running in CGI, PHP attempts to look for a shebang. However there is a
bug 
where if the first character of the first line is a hash character/pound 
character (#), PHP doesn't validate that the next character is an
exclamation 
mark and thus a properly formed shebang line (e.g. #!). Instead PHP just
skips 
the entire line ignoring any PHP code that might be on that line.

The code in question from a quick examination appears to be here in trunk:
http://svn.php.net/viewvc/php/php-src/trunk/sapi/cgi/cgi_main.c?
revision=321634&view=markup

On lines 2361, 2379 and 2396.

And on the PHP 5.4 branch:
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c?
revision=321634&view=markup

On lines 2362, 2380 and 2397.

This has been replicated on PHP 5.3.3 and PHP 5.3.5 as well as being in
current 
trunk.

Test script:
---------------
#<?php echo "Hello World\n"; ?>
Second line.

Expected result:
----------------
X-Powered-By: PHP/5.3.3-7+squeeze3
Content-type: text/html

#Hello World
Second line.

Actual result:
--------------
X-Powered-By: PHP/5.3.3-7+squeeze3
Content-type: text/html

Second line.

-- 
Edit bug report at https://bugs.php.net/bug.php?id=60677&edit=1
-- 
Try a snapshot (PHP 5.4):            
https://bugs.php.net/fix.php?id=60677&r=trysnapshot54
Try a snapshot (PHP 5.3):            
https://bugs.php.net/fix.php?id=60677&r=trysnapshot53
Try a snapshot (trunk):              
https://bugs.php.net/fix.php?id=60677&r=trysnapshottrunk
Fixed in SVN:                        
https://bugs.php.net/fix.php?id=60677&r=fixed
Fixed in SVN and need be documented: 
https://bugs.php.net/fix.php?id=60677&r=needdocs
Fixed in release:                    
https://bugs.php.net/fix.php?id=60677&r=alreadyfixed
Need backtrace:                      
https://bugs.php.net/fix.php?id=60677&r=needtrace
Need Reproduce Script:               
https://bugs.php.net/fix.php?id=60677&r=needscript
Try newer version:                   
https://bugs.php.net/fix.php?id=60677&r=oldversion
Not developer issue:                 
https://bugs.php.net/fix.php?id=60677&r=support
Expected behavior:                   
https://bugs.php.net/fix.php?id=60677&r=notwrong
Not enough info:                     
https://bugs.php.net/fix.php?id=60677&r=notenoughinfo
Submitted twice:                     
https://bugs.php.net/fix.php?id=60677&r=submittedtwice
register_globals:                    
https://bugs.php.net/fix.php?id=60677&r=globals
PHP 4 support discontinued:          
https://bugs.php.net/fix.php?id=60677&r=php4
Daylight Savings:                    https://bugs.php.net/fix.php?id=60677&r=dst
IIS Stability:                       
https://bugs.php.net/fix.php?id=60677&r=isapi
Install GNU Sed:                     
https://bugs.php.net/fix.php?id=60677&r=gnused
Floating point limitations:          
https://bugs.php.net/fix.php?id=60677&r=float
No Zend Extensions:                  
https://bugs.php.net/fix.php?id=60677&r=nozend
MySQL Configuration Error:           
https://bugs.php.net/fix.php?id=60677&r=mysqlcfg

Reply via email to