ID: 46745
User updated by: david at sickmiller dot com
Reported By: david at sickmiller dot com
-Status: Feedback
+Status: Open
Bug Type: HTTP related
Operating System: Linux
PHP Version: 5.2.6
New Comment:
For a web application, I have written a PHP file that is a general form
handler. Various different forms all post to this same file, which does
a foreach through $_POST and essentially produces a table with each
field question and answer. Some of the forms include file uploads, so I
have to use multipart/form-data.
The forms are generated dynamically in a moderately expensive operation
and result in HTML like this:
<form>
What's your first name? <input name="What's your name?">
</form>
The questions actually come from different systems, so I don't have the
flexibility to change them to remove the non-alphanumeric characters.
And it shouldn't be necessary according to the HTML spec. It's
generally been working, except for the peculiar combinations of
apostophes, quotation marks, and semicolons that I inadvertently ran
into recently and have documented in this bug. I checked the header,
and it looks like Firefox is correctly submitting the data.
I realize this is a niche case. How difficult does the fix look?
Previous Comments:
------------------------------------------------------------------------
[2008-12-08 11:52:46] [EMAIL PROTECTED]
Eh..what's the actual bug here? If you pass crap to PHP, you get crap
back.
------------------------------------------------------------------------
[2008-12-03 21:54:47] david at sickmiller dot com
Description:
------------
When a form is submitted using multipart-/form-data enctype, PHP will
truncate field names if they contain semicolons and certain other
characters. It seems to happen when there is an uneven number of
quotation marks that precede the semicolon.
Reproduce code:
---------------
<html><form action="semicolon.php" method="POST"
enctype="multipart/form-data">
<input type="hidden" name="before ; after">
<input type="hidden" name="" before ; after">
<input type="hidden" name="' before ; after">
<input type="hidden" name="' ' before ; after">
<input type="hidden" name="' " before ; after">
<input type="hidden" name="" ' before ; after">
<input type="hidden" name="" " before ;
after">
<input type="hidden" name="" ' ' before ; after">
<input type="hidden" name="" ' " before ;
after">
<input type="hidden" name="" " ' before ;
after">
<input type="hidden" name="" " " before
; after">
<input type="hidden" name="' ' ' before ; after">
<input type="hidden" name="' ' " before ; after">
<input type="hidden" name="' " ' before ; after">
<input type="hidden" name="' " " before ;
after">
<input type="submit">
</form><pre><?php
print_r($_POST);
?></pre> </html>
Expected result:
----------------
Array
(
[before_;_after] =>
["_before_;_after] =>
['_before_;_after] =>
['_'_before_;_after] =>
['_"_before_;_after] =>
["_'_before_;_after] =>
["_"_before_;_after] =>
["_'_'_before_;_after] =>
["_'_"_before_;_after] =>
["_"_'_before_;_after] =>
["_"_"_before_;_after] =>
['_'_'_before_;_after] =>
['_'_"_before_;_after] =>
['_"_'_before_;_after] =>
['_"_"_before_;_after] =>
)
Actual result:
--------------
Array
(
[before_;_after] =>
["_before_] =>
['_before_;_after] =>
['_'_before_;_after] =>
['_"_before_] =>
["_'_before_;_after] =>
["_"_before_;_after] =>
["_'_'_before_] =>
["_'_"_before_;_after] =>
["_"_'_before_;_after] =>
["_"_"_before_] =>
['_'_'_before_;_after] =>
['_'_"_before_] =>
['_"_'_before_;_after] =>
['_"_"_before_;_after] =>
)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=46745&edit=1
