#32127 [NEW]: is_numeric() not binary safe

Sun, 27 Feb 2005 03:59:13 -0800 

From:             M dot Kooiman at MAP-IS dot nl
Operating system: Linux 2.6
PHP version:      4.3.10
PHP Bug Type:     Unknown/Other Function
Bug description:  is_numeric() not binary safe

Description:
------------
Hi,

It seems is_numeric() isn't binary safe. Which, in itself isn't a big
problem, but it becomes a problem when is_numeric () is used as input
(GET/POST) validation. 





Reproduce code:
---------------
<?php

/*
 * I'm fully aware you should first sanitize the data before outputting.
The following code
 * is just an example pointing out the problem. Also consider situations
where
 * the result is trusted because of is_numeric() and then used in SQL
queries.
 */

/* call this like:
file.php?whatever=123%00<script>alert(document.cookie);</script>
*/

if (is_numeric($_GET['whatever']))
{
    echo "Whatever: {$_GET['whatever']}<br>";
} else{
    echo 'The string isn't numeric.';
}

?>


Expected result:
----------------
is_numeric() should fail the string because it contains extra arbitrary
data.


Actual result:
--------------
is_numeric() will validate a string that has a number + null char +
arbitrary data as a valid number.

-- 
Edit bug report at http://bugs.php.net/?id=32127&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=32127&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=32127&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=32127&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=32127&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=32127&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=32127&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=32127&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=32127&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=32127&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=32127&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=32127&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=32127&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=32127&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=32127&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=32127&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=32127&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=32127&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=32127&r=float
No Zend Extensions:          http://bugs.php.net/fix.php?id=32127&r=nozend
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=32127&r=mysqlcfg

Reply via email to