From: [EMAIL PROTECTED]
Operating system: Any
PHP version: 5CVS-2004-01-06 (dev)
PHP Bug Type: *Network Functions
Bug description: http_build_query adds %00 everywhere and allows people to see every
members..
Description:
------------
The http_build_query() function allows people to see every members of an
object (even private/protected) and it adds strange %00 in the result
after every private member (like \0 is converted in hex.).
Reproduce code:
---------------
class test {
private $foo;
private $bar;
function __constructor() {
$bar = 'meuh';
$foo = 'lala';
}
$obj = new test;
var_dump(http_build_query($obj));
Expected result:
----------------
It should ignore privates/protected.
Actual result:
--------------
It doesn't ignore private/protected and it adds %00 at the end of every
private/protected members.
--
Edit bug report at http://bugs.php.net/?id=26817&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=26817&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=26817&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=26817&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=26817&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=26817&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=26817&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=26817&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=26817&r=support
Expected behavior: http://bugs.php.net/fix.php?id=26817&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=26817&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=26817&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=26817&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=26817&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=26817&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=26817&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=26817&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=26817&r=float
