#26817 [Opn->Asn]: http_build_query adds %00 everywhere and allows people to see every members..

iliaa Tue, 06 Jan 2004 12:53:41 -0800

 ID:               26817
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Open
+Status:           Assigned
 Bug Type:         *Network Functions
 Operating System: Any
 PHP Version:      5CVS-2004-01-06 (dev)
 Assigned To:      iliaa



Previous Comments:
------------------------------------------------------------------------

[2004-01-06 12:35:03] [EMAIL PROTECTED]

Description:
------------
The http_build_query() function allows people to see every members of
an object (even private/protected) and it adds strange %00 in the
result after every private member (like \0 is converted in hex.).

Reproduce code:
---------------
class test { 
private $foo;
private $bar;

function __constructor() {
$bar = 'meuh';
$foo = 'lala';
}

$obj = new test;
var_dump(http_build_query($obj));

Expected result:
----------------
It should ignore privates/protected.

Actual result:
--------------
It doesn't ignore private/protected and it adds %00 at the end of every
private/protected members.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=26817&edit=1

#26817 [Opn->Asn]: http_build_query adds %00 everywhere and allows people to see every members..

Reply via email to