[Bug 1624527] Re: suhosin removes empty fields from $_POST when used with PHP 5.6

Elan Ruusamäe 1624527 at bugs.launchpad.net
Thu Sep 29 22:18:51 CEST 2016 

will be solved with that PR#1

** Changed in: pld-linux
   Importance: Undecided => Medium

** Changed in: pld-linux
       Status: New => Fix Released

** Changed in: pld-linux
     Assignee: (unassigned) => Elan Ruusamäe (glen666)

-- 
You received this bug notification because you are subscribed to PLD
Linux.
https://bugs.launchpad.net/bugs/1624527

Title:
  suhosin removes empty fields from $_POST when used with PHP 5.6

Status in PLD Linux:
  Fix Released

Bug description:
  In a fresh PLD chroot:

  # rpm -qa | grep php           
  php-dirs-1.7-1.noarch
  php56-common-5.6.24-1.x86_64
  php56-cgi-5.6.24-1.x86_64
  php56-suhosin-0.9.36-2.x86_64
  php55-common-5.5.38-1.x86_64
  php55-cgi-5.5.38-1.x86_64
  php55-suhosin-0.9.36-2.x86_64

  Notice the empty variable missing from $_POST on PHP 5.6:

  # echo '<?php var_dump($_POST);' >/tmp/post_test.php && echo "test=test&empty=" | CONTENT_LENGTH=16 REQUEST_METHOD=POST CONTENT_TYPE=application/x-www-form-urlencoded REDIRECT_STATUS=1 SCRIPT_FILENAME=/tmp/post_test.php php56.cgi /tmp/post_test.php
  Content-type: text/html; charset=UTF-8

  array(1) {
    ["test"]=>
    string(4) "test"
  }

  
  PHP 5.5 works correctly:

  # echo '<?php var_dump($_POST);' >/tmp/post_test.php && echo "test=test&empty=" | CONTENT_LENGTH=16 REQUEST_METHOD=POST CONTENT_TYPE=application/x-www-form-urlencoded REDIRECT_STATUS=1 SCRIPT_FILENAME=/tmp/post_test.php php55.cgi /tmp/post_test.php
  Content-type: text/html

  array(2) {
    ["test"]=>
    string(4) "test"
    ["empty"]=>
    string(0) ""
  }

  
  PHP 5.6 without loading suhosin (by uninstalling it or adding -n flag) also works correctly:

  # echo '<?php var_dump($_POST);' >/tmp/post_test.php && echo "test=test&empty=" | CONTENT_LENGTH=16 REQUEST_METHOD=POST CONTENT_TYPE=application/x-www-form-urlencoded REDIRECT_STATUS=1 SCRIPT_FILENAME=/tmp/post_test.php php56.cgi -n /tmp/post_test.php
  X-Powered-By: PHP/5.6.24
  Content-type: text/html; charset=UTF-8

  array(2) {
    ["test"]=>
    string(4) "test"
    ["empty"]=>
    string(0) ""
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/pld-linux/+bug/1624527/+subscriptions

More information about the pld-bugs mailing list