ID:               32127
Updated by:       php-bugs@lists.php.net
Reported By:      M dot Kooiman at MAP-IS dot nl
-Status:          Feedback
+Status:          No Feedback
Bug Type:         Variables related
Operating System: *
PHP Version:      4CVS, 5CVS (2005-02-27)
Assigned To:      derick
New Comment:
No feedback was provided for this bug for over a week, so it is being
suspended automatically. If you are able to provide the information that
was originally requested, please do so and change the status of the bug
back to "Open".

Previous Comments:
------------------------------------------------------------------------

[2005-04-05 10:18:24] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz

For Windows:

  http://snaps.php.net/win32/php5.0-win32-latest.zip

I can't reproduce it with latest snapshots.

------------------------------------------------------------------------

[2005-02-27 12:58:18] M dot Kooiman at MAP-IS dot nl

Description:
------------
Hi,

It seems is_numeric() isn't binary safe, which in itself isn't a big
problem, but it becomes a problem when is_numeric() is used as input
(GET/POST) validation.

Reproduce code:
---------------
<?php
/*
 * I'm fully aware you should first sanitize the data before outputting.
 * The following code is just an example pointing out the problem. Also
 * consider situations where the result is trusted because of is_numeric()
 * and then used in SQL queries.
 */

/* call this like: file.php?whatever=123%00<script>alert(document.cookie);</script> */

if (is_numeric($_GET['whatever'])) {
    echo "Whatever: {$_GET['whatever']}<br>";
} else {
    echo 'The string isn\'t numeric.';
}
?>

Expected result:
----------------
is_numeric() should fail the string because it contains extra arbitrary
data.

Actual result:
--------------
is_numeric() will validate a string that has a number + null char +
arbitrary data as a valid number.

------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=32127&edit=1
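As an added illustration of the defensive check the report calls for (not code from the report or from the PHP project): a validator that treats the input as raw bytes and accepts only a string made entirely of decimal digits, so a number followed by a NUL byte and trailing data is rejected whatever is_numeric() does on the running PHP version. The function name and the sample inputs are constructed for this example.

```php
<?php
/*
 * Added example (not from the bug report or the PHP project): a binary-safe
 * check that an input is nothing but decimal digits. The affected is_numeric()
 * stopped at the first NUL byte, so "123\0<script>..." passed as a number.
 * strspn() and strlen() count every byte, so a NUL, sign, whitespace or
 * exponent anywhere makes the check fail. Name and samples are constructed.
 */
function is_digit_string($value): bool
{
    if (!is_string($value) || $value === '') {
        return false;
    }
    // strspn() counts leading bytes drawn from the allowed set; every byte
    // is a digit only when that count equals the full byte length.
    return strspn($value, '0123456789') === strlen($value);
}

// Constructed samples as [input, expected]; a list is used rather than array
// keys because PHP silently turns a key like "123" into the integer 123.
$samples = [
    ["123", true],
    ["123\0<script>alert(document.cookie);</script>", false], // report's payload, %00 decoded
    ["123abc", false],
    [" 123", false],  // is_numeric() tolerates leading whitespace; this check does not
    ["1e3", false],   // is_numeric() accepts exponent notation; this check does not
    ["", false],
];

foreach ($samples as [$input, $expected]) {
    $got = is_digit_string($input);
    printf("%-48s is_numeric=%-5s is_digit_string=%-5s %s\n",
        addcslashes($input, "\0..\37"),   // show the NUL as \000 instead of dropping it
        var_export(is_numeric($input), true),
        var_export($got, true),
        $got === $expected ? 'ok' : 'MISMATCH');
}
```

The check deliberately accepts only unsigned integers; if a field legitimately needs a sign or decimal point, widen the rule explicitly rather than falling back to is_numeric().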