#49444 [Bgs]: $_GET variable

2009-09-03 Thread hafizanil at gmail dot com
 ID:   49444
 User updated by:  hafizanil at gmail dot com
 Reported By:  hafizanil at gmail dot com
 Status:   Bogus
 Bug Type: Scripting Engine problem
 Operating System: Windows Xp
 PHP Version:  5.3.0
 New Comment:

The solution I tried is to split the string in JS first:
[code]
 to_array   = to.split("<");
[/code]
Then send it back to PHP as a reference. I still consider this a bug.
E.g. again:

address bar : test.php?mail=admin (sit: mr chang n mr sairi n mr pzan)

[code]
";
echo print_r($_GET);
echo "";
?>
[/code]

Output 

Array
(
[mail] => admin (sit: mr chang n mr sairi n mr pzan)
)
1
Image: http://img512.imageshack.us/img512/9974/bugso.jpg


Previous Comments:


[2009-09-03 11:13:37] m...@php.net

JS treats literal new lines as delimiter.



[2009-09-03 09:39:20] sjo...@php.net

Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.




--------

[2009-09-03 01:16:15] hafizanil at gmail dot com

Javascript (Page 1)

 function sentMail() {
   var url;
   var to;
   url   = 'ml_compose_com.php?';
   document.form.title.value='admin (sit: mr chang n mr sairi n mr
pzan)
<kamb...@gmail.com>,';
   title = escape(document.form.title.value);
   if(title){ url= url+'&title='+ title; }
   location = url+"&sent_mail=1";
  }


Page 2 (ml_compose_com.php)
".print_r($_GET)."";
var_dump($_GET);
?>



[2009-09-02 19:11:27] j...@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.



--------

[2009-09-02 16:07:28] hafizanil at gmail dot com

Description:

I want to send a variable via JavaScript using the $_GET method, and the
output goes haywire. The variable sent has also been escaped first
(JavaScript). Tested using 5.29 and 5.3.
Browsers:
1. Internet Explorer 7
2. Firefox 3.52
3. Opera 10

Reproduce code:
---
This is tested on 5.29
[code]
$_GET['to']="admin (sit: mr chang n mr sairi n mr pzan)
,";
echo strlen($_GET['to']);
// output: 63
var_dump($_GET);
// output only shows: admin (sit: mr chang n mr sairi n mr pzan)
[/code]
This is tested on 5.30
[code]
$_GET['to']="admin (sit: mr chang n mr sairi n mr pzan)
,";
echo strlen($_GET['to']);
// output: 63
var_dump($_GET);
// output: page going crazy, shows all the PHP source
[/code]

Expected result:

var_dump or print_r $_GET array should understand the variable which
might contain "<>";


Actual result:
--
On 5.3 it shows all the PHP source.





-- 
Edit this bug report at http://bugs.php.net/?id=49444&edit=1
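
An added example, not part of the report or of PHP's own code: it shows that a query-string value containing `<...>` reaches PHP intact and only drops out of view when the dump is written into an HTML page without escaping. The address is a constructed placeholder, `dump_for_html()` is a hypothetical helper name, and `strip_tags()` is used as a stand-in for how a browser hides an unknown tag.

```php
<?php
// Constructed sample input: user@example.com is a placeholder address,
// not the (elided) one from the report.
$value = "admin (sit: mr chang n mr sairi n mr pzan) <user@example.com>,";

// Build the query string with percent-encoding, then parse it the same
// way PHP populates $_GET.
$query = 'to=' . rawurlencode($value) . '&sent_mail=1';
parse_str($query, $get);

// Hypothetical helper: render any value as a dump that is safe inside HTML.
function dump_for_html($data): string
{
    // print_r() with true returns the text instead of printing it.
    $text = print_r($data, true);
    // Encode <, >, & and quotes so the browser shows them as characters.
    return '<pre>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</pre>';
}

// 1. The transported value is complete: same bytes, same length.
var_dump($get['to'] === $value, strlen($get['to']));

// 2. Raw dump written into a page: approximate the visible text by removing
//    anything tag-shaped, as an HTML parser does with an unknown element.
$raw = print_r($get, true);
echo "--- visible text of the unescaped dump ---\n", strip_tags($raw), "\n";

// 3. Escaped dump: the markup sent to the browser keeps every character.
$safe = dump_for_html($get);
echo "--- markup of the escaped dump ---\n", $safe, "\n";

// 4. Decoding the entities gives back exactly what print_r() produced,
//    so nothing is lost by escaping at output time.
$inner = substr($safe, strlen('<pre>'), -strlen('</pre>'));
var_dump(htmlspecialchars_decode($inner, ENT_QUOTES) === $raw);
```
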



#49444 [Fbk->Opn]: $_GET variable

2009-09-02 Thread hafizanil at gmail dot com
 ID:   49444
 User updated by:  hafizanil at gmail dot com
 Reported By:  hafizanil at gmail dot com
-Status:   Feedback
+Status:   Open
 Bug Type: Scripting Engine problem
 Operating System: Windows Xp
 PHP Version:  5.3.0
 New Comment:

Javascript (Page 1)

 function sentMail() {
   var url;
   var to;
   url   = 'ml_compose_com.php?';
   document.form.title.value='admin (sit: mr chang n mr sairi n mr
pzan)
<kamb...@gmail.com>,';
   title = escape(document.form.title.value);
   if(title){ url= url+'&title='+ title; }
   location = url+"&sent_mail=1";
  }


Page 2 (ml_compose_com.php)
".print_r($_GET)."";
var_dump($_GET);
?>


Previous Comments:


[2009-09-02 19:11:27] j...@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.



----------------

[2009-09-02 16:07:28] hafizanil at gmail dot com

Description:

I want to send a variable via JavaScript using the $_GET method, and the
output goes haywire. The variable sent has also been escaped first
(JavaScript). Tested using 5.29 and 5.3.
Browsers:
1. Internet Explorer 7
2. Firefox 3.52
3. Opera 10

Reproduce code:
---
This is tested on 5.29
[code]
$_GET['to']="admin (sit: mr chang n mr sairi n mr pzan)
,";
echo strlen($_GET['to']);
// output: 63
var_dump($_GET);
// output only shows: admin (sit: mr chang n mr sairi n mr pzan)
[/code]
This is tested on 5.30
[code]
$_GET['to']="admin (sit: mr chang n mr sairi n mr pzan)
,";
echo strlen($_GET['to']);
// output: 63
var_dump($_GET);
// output: page going crazy, shows all the PHP source
[/code]

Expected result:

var_dump or print_r $_GET array should understand the variable which
might contain "<>";


Actual result:
--
On 5.3 it shows all the PHP source.








#49444 [NEW]: $_GET variable

2009-09-02 Thread hafizanil at gmail dot com
From: hafizanil at gmail dot com
Operating system: Windows Xp
PHP version:  5.3.0
PHP Bug Type: Scripting Engine problem
Bug description:  $_GET variable

Description:

I want to send a variable via JavaScript using the $_GET method, and the
output goes haywire. The variable sent has also been escaped first
(JavaScript). Tested using 5.29 and 5.3.
Browsers:
1. Internet Explorer 7
2. Firefox 3.52
3. Opera 10

Reproduce code:
---
This is tested on 5.29
[code]
$_GET['to']="admin (sit: mr chang n mr sairi n mr pzan)
,";
echo strlen($_GET['to']);
// output: 63
var_dump($_GET);
// output only shows: admin (sit: mr chang n mr sairi n mr pzan)
[/code]
This is tested on 5.30
[code]
$_GET['to']="admin (sit: mr chang n mr sairi n mr pzan)
,";
echo strlen($_GET['to']);
// output: 63
var_dump($_GET);
// output: page going crazy, shows all the PHP source
[/code]

Expected result:

var_dump or print_r $_GET array should understand the variable which might
contain "<>";


Actual result:
--
On 5.3 it shows all the PHP source.
