[Bug 1624527] [NEW] suhosin removes empty fields from $_POST when used with PHP 5.6
rot13
pp at siedziba.pl
Fri Sep 16 22:07:39 CEST 2016
Public bug reported:
In a fresh PLD chroot:
# rpm -qa | grep php
php-dirs-1.7-1.noarch
php56-common-5.6.24-1.x86_64
php56-cgi-5.6.24-1.x86_64
php56-suhosin-0.9.36-2.x86_64
php55-common-5.5.38-1.x86_64
php55-cgi-5.5.38-1.x86_64
php55-suhosin-0.9.36-2.x86_64
Notice the empty variable missing from $_POST on PHP 5.6:
# echo '<?php var_dump($_POST);' >/tmp/post_test.php && echo "test=test&empty=" | CONTENT_LENGTH=16 REQUEST_METHOD=POST CONTENT_TYPE=application/x-www-form-urlencoded REDIRECT_STATUS=1 SCRIPT_FILENAME=/tmp/post_test.php php56.cgi /tmp/post_test.php
Content-type: text/html; charset=UTF-8
array(1) {
["test"]=>
string(4) "test"
}
PHP 5.5 works correctly:
# echo '<?php var_dump($_POST);' >/tmp/post_test.php && echo "test=test&empty=" | CONTENT_LENGTH=16 REQUEST_METHOD=POST CONTENT_TYPE=application/x-www-form-urlencoded REDIRECT_STATUS=1 SCRIPT_FILENAME=/tmp/post_test.php php55.cgi /tmp/post_test.php
Content-type: text/html
array(2) {
["test"]=>
string(4) "test"
["empty"]=>
string(0) ""
}
PHP 5.6 without loading suhosin (by uninstalling it or adding -n flag) also works correctly:
# echo '<?php var_dump($_POST);' >/tmp/post_test.php && echo "test=test&empty=" | CONTENT_LENGTH=16 REQUEST_METHOD=POST CONTENT_TYPE=application/x-www-form-urlencoded REDIRECT_STATUS=1 SCRIPT_FILENAME=/tmp/post_test.php php56.cgi -n /tmp/post_test.php
X-Powered-By: PHP/5.6.24
Content-type: text/html; charset=UTF-8
array(2) {
["test"]=>
string(4) "test"
["empty"]=>
string(0) ""
}
** Affects: pld-linux
Importance: Undecided
Status: New
--
You received this bug notification because you are subscribed to PLD
Linux.
https://bugs.launchpad.net/bugs/1624527
Title:
suhosin removes empty fields from $_POST when used with PHP 5.6
Status in PLD Linux:
New
Bug description:
In a fresh PLD chroot:
# rpm -qa | grep php
php-dirs-1.7-1.noarch
php56-common-5.6.24-1.x86_64
php56-cgi-5.6.24-1.x86_64
php56-suhosin-0.9.36-2.x86_64
php55-common-5.5.38-1.x86_64
php55-cgi-5.5.38-1.x86_64
php55-suhosin-0.9.36-2.x86_64
Notice the empty variable missing from $_POST on PHP 5.6:
# echo '<?php var_dump($_POST);' >/tmp/post_test.php && echo "test=test&empty=" | CONTENT_LENGTH=16 REQUEST_METHOD=POST CONTENT_TYPE=application/x-www-form-urlencoded REDIRECT_STATUS=1 SCRIPT_FILENAME=/tmp/post_test.php php56.cgi /tmp/post_test.php
Content-type: text/html; charset=UTF-8
array(1) {
["test"]=>
string(4) "test"
}
PHP 5.5 works correctly:
# echo '<?php var_dump($_POST);' >/tmp/post_test.php && echo "test=test&empty=" | CONTENT_LENGTH=16 REQUEST_METHOD=POST CONTENT_TYPE=application/x-www-form-urlencoded REDIRECT_STATUS=1 SCRIPT_FILENAME=/tmp/post_test.php php55.cgi /tmp/post_test.php
Content-type: text/html
array(2) {
["test"]=>
string(4) "test"
["empty"]=>
string(0) ""
}
PHP 5.6 without loading suhosin (by uninstalling it or adding -n flag) also works correctly:
# echo '<?php var_dump($_POST);' >/tmp/post_test.php && echo "test=test&empty=" | CONTENT_LENGTH=16 REQUEST_METHOD=POST CONTENT_TYPE=application/x-www-form-urlencoded REDIRECT_STATUS=1 SCRIPT_FILENAME=/tmp/post_test.php php56.cgi -n /tmp/post_test.php
X-Powered-By: PHP/5.6.24
Content-type: text/html; charset=UTF-8
array(2) {
["test"]=>
string(4) "test"
["empty"]=>
string(0) ""
}
To manage notifications about this bug go to:
https://bugs.launchpad.net/pld-linux/+bug/1624527/+subscriptions
More information about the pld-bugs
mailing list