httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 17549] New: - Apache (php) post irregularities
Date Fri, 28 Feb 2003 22:41:46 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17549>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17549

Apache (php) post irregularities

           Summary: Apache (php) post irregularities
           Product: Apache httpd-2.0
           Version: 2.0.40
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: All
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: heckler@bendnet.com


(This bug was originally directed at Redhat's bug database. It involves the 
version of apache they ship, 2.0.40, which is not the most recent, but since 
others might look for data here and/or RedHat might point fingers at apache, 
and I haven't been able to find a duplicate here, I'm including a copy anyway)

Description of problem:
Red hat distributes Apache Webserver 2.0.40 with Redhat 8.0, and has not 
released a newer version in it's updates. This version of apache (perhaps in 
concert with PHP 4.2.2, also distributed in RH8.0 updates) appears to have a 
bug in how it handles POST requests. In particular, the content of the post 
request (which takes the form "key1=val1&key2=val2..", I believe) appears to 
be chopped up randomly and rearranged before PHP parses the values out. Thus, 
incoming variables take on values like:

echo "text= '$text'";
-output-
'Here is somtext=Here is some example text'

(in real examples, this may take several hundred characters to replicate)

This was discussed in PHP's bug list, (PHP BUG #18648, 
http://bugs.php.net/bug.php?id=18648 ) appears to be an apache bug, and they 
report that the latest build of apache (2.0.44) seems to fix the problem. The 
last comment confirms that RH8.0 ships with 2.0.40, and that someone should 
notify RedHat. (I venture this is the appropriate place :)
I've searched apache's bug list and found no substantial counterpart, but 
apache doesn't recommend posting bugs on software versions they do not 
consider "up to date". See apache bug #15808, 
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15808 for an example of this 
attitude.

I'd recommend either releasing a newer version of apache in updates, or a new 
patchlevel for 2.0.40 addressing this issue. (I'm not really a packager, but I 
play one on tv :)

Version-Release number of selected component (if applicable):
httpd 2.0.40-11, tested against php 4.2.2-8.0.7

How reproducible:
99%

Steps to Reproduce:
1. build a simple web form with a textarea element (lets say it's named "foo") 
and a submit button, that submits using POST method.
1a. To aid reproduceability, make sure the textarea is the only named form 
element, no name for the submit button.
1b. Some people have suggested that multiple named form elements either make 
the bug go away or else make it harder to spot (corrupting variables you don't 
use), either way diminishing reproduceability
2. in response page, using php, <? print_r($_POST) ?>
2a. Some have reported php_info() confirms the error when it dumps incoming 
POST values, I haven't tried that.
3. Enter several kilobytes of data, just to be sure, into the text area and 
submit the form.
    
Actual results:
PHP will report that $_POST['foo'] contains a value with portions copied and 
spliced around, perhaps delimited by "foo=".

Expected results:
PHP should report that $_POST['foo'] matches your input text, give or take the 
effects of magic quotes and the like.

Additional info:
Fair discussion of the problem:
PHP BUG #18648, http://bugs.php.net/bug.php?id=18648

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message