Anatomy of this bug

freenity · 03-02-2008, 01:52 PM

Hi
Anyone know some info about this array bug, for example:

http://site.com/index.php?id[]=123

By putting those [] it will send an array and not a var.
So in some sites it says, that the value can't be mixed, etc, etc

I wanted to replicate this bug on my server by doing this:

PHP Code:


			
<?

error_reporting(E_ALL);





echo htmlentities($_GET['id']);







?>

then I access it: http://localhost/testbug.php?id[]=asd
and nothing :S

Why htmlentities?? not sure, but I've seen a site where I did same and it showed:

Warning: htmlentities() expects parameter 1 to be string, array given in /home/enciclo/public_html/control/funciones-sec.php on line 17

So why my code is not buggy??

TlcAndres · 03-02-2008, 01:53 PM

Well what version of PHP where they using?

freenity · 03-02-2008, 02:01 PM

PHP 5.2.4 (cli) (built: Oct 16 2007 09:13:35)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

Alan @ CIT · 03-02-2008, 02:03 PM

Silly question but do you have display_errors turned off?

It should definately throw an error as it only takes a string.

Alan

ReSpawN · 03-02-2008, 02:32 PM

PHP Code:


			
ini_set('display_errors', 1);
error_reporting( E_ALL ^ E_NOTICE );

But since when do you filter out HTML entities (like <i>myString</i>) in an ID? Simply filter it with is_numeric($var); or addslashes($var);

freenity · 03-02-2008, 03:43 PM

Quote:

Originally Posted by Alan @ CIT

Silly question but do you have display_errors turned off?

It should definately throw an error as it only takes a string.

Alan

silly but right XD
now it works

It's id parameter just for an example...

Thanks XD

freenity · 03-02-2008, 03:46 PM

btw anyone knows how to insert vars into that array. I write:

http://localhost/testbug.php?id[]=2

and with var_dump($_GET) it shows me:

array(1) { ["id"]=> array(1) { [0]=> string(1) "2" } }

How do I "insert" values to the id array? :)

ReSpawN · 03-02-2008, 05:30 PM

Well, since you want to insert it one at a time I suggest you simply use the array_push(); command.

PHP Code:


			
$myArray = array();
    if ($_GET['id']) {
        array_push($myArray, $_GET['id']);
    }

Otherwise, you can also do it in an foreach loop.

DeMo · 03-02-2008, 07:58 PM

I think he wants to know if it's possible to pass more than one value for the array via the URL.

Alan @ CIT · 03-02-2008, 08:54 PM

Something like the following would work:

The Url:

Code:

your_script.php?id[]=15&id[]=20&id[]=30

Would create an array that looked something like:

Code:

// $_GET['id']

Array
(
    [0] => 15
    [1] => 20
    [2] => 30
)

You could then just access it like a normal array:

PHP Code:


			
echo $_GET['id'][1];

// Would echo '20' using the url above

Alan

freenity · 03-02-2008, 09:05 PM

yes, exactly what I wanted :)
thanks.

Quote:

Originally Posted by Alan @ CIT

Something like the following would work:

The Url:

Code:

your_script.php?id[]=15&id[]=20&id[]=30

Would create an array that looked something like:

Code:

// $_GET['id']

Array
(
    [0] => 15
    [1] => 20
    [2] => 30
)

You could then just access it like a normal array:

PHP Code:


			
echo $_GET['id'][1];

// Would echo '20' using the url above

Alan