suhosin removes empty fields from $_POST when used with PHP 5.6
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
PLD Linux |
Fix Released
|
Medium
|
Elan Ruusamäe |
Bug Description
In a fresh PLD chroot:
# rpm -qa | grep php
php-dirs-
php56-common-
php56-cgi-
php56-suhosin-
php55-common-
php55-cgi-
php55-suhosin-
Notice the empty variable missing from $_POST on PHP 5.6:
# echo '<?php var_dump($_POST);' >/tmp/post_test.php && echo "test=test&empty=" | CONTENT_LENGTH=16 REQUEST_METHOD=POST CONTENT_
Content-type: text/html; charset=UTF-8
array(1) {
["test"]=>
string(4) "test"
}
PHP 5.5 works correctly:
# echo '<?php var_dump($_POST);' >/tmp/post_test.php && echo "test=test&empty=" | CONTENT_LENGTH=16 REQUEST_METHOD=POST CONTENT_
Content-type: text/html
array(2) {
["test"]=>
string(4) "test"
["empty"]=>
string(0) ""
}
PHP 5.6 without loading suhosin (by uninstalling it or adding -n flag) also works correctly:
# echo '<?php var_dump($_POST);' >/tmp/post_test.php && echo "test=test&empty=" | CONTENT_LENGTH=16 REQUEST_METHOD=POST CONTENT_
X-Powered-By: PHP/5.6.24
Content-type: text/html; charset=UTF-8
array(2) {
["test"]=>
string(4) "test"
["empty"]=>
string(0) ""
}
Upstream release 0.9.38 seems to work properly. Opened pull request on github: https:/ /github. com/pld- linux/php- suhosin/ pull/1