Edit report at http://bugs.php.net/bug.php?id=53298&edit=1

 ID:                 53298
 User updated by:    jost dot boekemeier at googlemail dot com
 Reported by:        jost dot boekemeier at googlemail dot com
 Summary:            // $msg_text = '?>...';
 Status:             Bogus
 Type:               Bug
 Package:            *General Issues
 Operating System:   any
 PHP Version:        5.2.14
 Block user comment: N

 New Comment:

fel...@php.net, thank you very much for taking the time to comment on my
request, even though you haven't understood it.

1. Commenting out a valid variable definition should not cause the PHP
parser to *suddenly* parse the definition!

2. This is completely unexpected, even after reading the documentation.

Please either fix this bug: change the PHP parser to handle

   $var = "val<?ue";

and

   // $var = "val<?ue";

equally: The parser should either stop at the <? or not. For example, if
you force the programmer to always write "val<"."?ue", the problem
vanishes.

The current behaviour means that you can expose the contents of an
existing PHP file (including database passwords) by commenting out a
simple variable definition. -- Line comments can be problematic, but it
shouldn't have such a drastic effect that the script returns
unevaluated.

Or please clearly document this bug, so that programmers do not use
//-style comments to comment out variable definitions.

Previous Comments:
------------------------------------------------------------------------
[2010-11-12 21:43:23] fel...@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php



------------------------------------------------------------------------
[2010-11-12 20:39:36] bastard dot internets at gmail dot com

"?>" is meant to break out of PHP when encountered in a single-line
comment (see
http://www.php.net/manual/en/language.basic-syntax.comments.php).

------------------------------------------------------------------------
[2010-11-12 12:19:20] jost dot boekemeier at googlemail dot com

corrected mail address

------------------------------------------------------------------------
[2010-11-12 12:08:24] jost dot boekemeier at googlemail dot com

Description:
------------
PHP Parser doesn't handle comments as such

<?php
echo 1+2;
// $msg_text = '?>RCP_11/11/10_12:31:52_070%_E009.56.35,7_N53.32.39,6_003KM/H_278DEG_0M_2_4_0_1,6_00_0';
echo 1+2;

should print 33, and not print the script unevaluated.

Test script:
---------------
<?php
echo 1+2;
// $msg_text = '?>RCP_11/11/10_12:31:52_070%_E009.56.35,7_N53.32.39,6_003KM/H_278DEG_0M_2_4_0_1,6_00_0';
echo 1+2;

Expected result:
----------------
33

Actual result:
--------------
3RCP_11/11/10_12:31:52_070%_E009.56.35,7_N53.32.39,6_003KM/H_278DEG_0M_2_4_0_1,6_00_0';

echo 1+2;




------------------------------------------------------------------------
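
The rule discussed in this thread, as an added example that is not part of the original report or of PHP itself: a small Python scanner that flags `//` or `#` comments containing `?>` and returns the text PHP would then emit unevaluated. It is a simplified lexer for illustration that assumes full `<?php` open tags and ignores heredoc/nowdoc strings and PHP 8 `#[` attributes; the sample input is constructed from the report's test script with a shortened payload.

```python
# Constructed sample modelled on the report's test script (payload shortened).
COMMENTED = "<?php\necho 1+2;\n// $msg_text = '?>RCP_DATA';\necho 1+2;\n"
ACTIVE = COMMENTED.replace("// ", "")  # same line, not commented out

def find_comment_escapes(src):
    """Return [(line_no, leaked_text)] for every ?> that ends PHP mode from
    inside a // or # comment. Simplified: no heredoc, short tags or #[ ]."""
    hits, i, n = [], 0, len(src)
    while True:
        # HTML mode: everything before the next <?php is output verbatim.
        start = src.find("<?php", i)
        if start < 0:
            return hits
        i = start + 5
        while i < n:  # PHP mode
            c, two = src[i], src[i:i + 2]
            if two == "?>":  # ordinary close tag, back to HTML mode
                i += 2
                break
            if c in "'\"":  # string literal: a ?> inside it is just data
                i += 1
                while i < n and src[i] != c:
                    i += 2 if src[i] == "\\" else 1
                i += 1
            elif two == "/*":  # block comment: ?> inside it is ignored
                end = src.find("*/", i + 2)
                i = n if end < 0 else end + 2
            elif two == "//" or c == "#":
                eol = src.find("\n", i)
                eol = n if eol < 0 else eol
                close = src.find("?>", i, eol)
                if close < 0:
                    i = eol  # comment runs to end of line as expected
                    continue
                # The comment stops at ?>; what follows is raw output until
                # the next <?php, string quotes and later code included.
                nxt = src.find("<?php", close + 2)
                leaked = src[close + 2:n if nxt < 0 else nxt]
                hits.append((src.count("\n", 0, close) + 1, leaked))
                i = close + 2
                break
            else:
                i += 1
        else:
            return hits  # reached end of file while still in PHP mode

if __name__ == "__main__":
    for line, leaked in find_comment_escapes(COMMENTED):
        print(f"line {line}: ?> in a line comment, emitted raw: {leaked!r}")
```

Intentional `<?php // note ?>` one-liners in templates are reported as well, so the result is a review list rather than a verdict.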


