ID: 49444 Updated by: sjo...@php.net Reported By: hafizanil at gmail dot com -Status: Open +Status: Feedback Bug Type: Scripting Engine problem Operating System: Windows Xp PHP Version: 5.3.0 New Comment:
Not enough information was provided for us to be able to handle this bug. Please re-read the instructions at http://bugs.php.net/how-to-report.php If you can provide more information, feel free to add it to this bug and change the status back to "Open". Thank you for your interest in PHP. Previous Comments: ------------------------------------------------------------------------ [2009-09-03 01:16:15] hafizanil at gmail dot com Javascript (Page 1) <script language="javascript"> function sentMail() { var url; var to; url = 'ml_compose_com.php?'; document.form.title.value='admin (sit: mr chang n mr sairi n mr pzan) <kamb...@gmail.com>,'; title = escape(document.form.title.value); if(title) { url= url+'&title='+ title; } location = url+"&sent_mail=1"; } </script> Page 2 (ml_compose_com.php) <?php echo "<pre>".print_r($_GET)."</pre>"; var_dump($_GET); ?> ------------------------------------------------------------------------ [2009-09-02 19:11:27] j...@php.net Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If the script requires a database to demonstrate the issue, please make sure it creates all necessary tables, stored procedures etc. Please avoid embedding huge scripts into the report. ------------------------------------------------------------------------ [2009-09-02 16:07:28] hafizanil at gmail dot com Description: ------------ Want to sent variable via javascript via $_GET method and the output going hirewire.The varible sent also been escape first(javascript).Tested using 5.29 and 5.3 Browser 1.Internet Explorer 7 2 Firefox 3.52 3. Opera 10 Reproduce code: --------------- This is tested 5.29 [code] $_GET['to']="admin (sit: mr chang n mr sairi n mr pzan) <kamb...@gmail.com>,"; echo strlen($_GET['to']) // out put 63 var_dump($_GET); // output only showing admin (sit: mr chang n mr sairi n mr pzan) [/code] This is tested 5.30 [code] $_GET['to']="admin (sit: mr chang n mr sairi n mr pzan) <kamb...@gmail.com>,"; echo strlen($_GET['to']) // out put 63 var_dump($_GET); //output :Page going crazy.show all the php source [/code] Expected result: ---------------- var_dump or print_r $_GET array should understand the variable which might contain "<>"; Actual result: -------------- On 5.3 It show all the source php . ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=49444&edit=1