TalkPHP
Home Forums Articles Glossary Awards Register Rules Members Search Today's Posts Mark Forums Read
 
 
 
Account Login
Latest Articles
» The basic usage of PHPTAL, a XML/XHTML template library for PHP
by awuehr on 11-10-2008 in Tips & Tricks
» Vulnerable methods and the areas they are commonly trusted in.
by Village Idiot on 11-04-2008 in Classes & Objects
» Simple way to protect a form from bot
by codefreek on 10-23-2008 in Basic
» The Basics On: How Session Stealing Works
by wiifanatic on 09-12-2008 in Security & Permissions
» How to keep your forms from double posting data
by drewbee on 07-03-2008 in Tips & Tricks
IRC Channel
IRC Speech Bubble Join the friendly bunch on IRC...
(#TalkPHP on Freenode)

...Also available via a web interface.

See this thread for information on the TalkPHP Free Hugs Initiative™. Subject to availability.
Associates
Associates
CSS Tutorials
TalkPHP > Developer Forums > Advanced PHP Programming » Bug in PHP?/Unknown output?
Reply
 
LinkBack Thread Tools Search this Thread Display Modes
Old 04-25-2009, 09:09 AM   #1 (permalink)
The Wanderer
 
Join Date: Sep 2008
Location: Tehran - Iran
Posts: 6
Thanks: 35
Y.P.Y is on a distinguished road
Bug Bug in PHP?/Unknown output?
Hi,
This is a simple function for throwing error in a MySQL class(Private)...
PHP Code:
final private static function _Throw_Error($Str_CalledFunction__function__)
{
return(exit('[' $_SERVER['SERVER_SOFTWARE'] . '] [' basename(__file__) . '] [' . (string)$Str_CalledFunction '] [' __line__ '] [' mysql_error() | -9999 false null ThisIsNotAVariable '].'));

Check output!

Output: yyy{|mososntiWi~{sklu]~/5.2.8] [mysql.php] [XXXXX] [219] [

OS: Redhat Linux/Windows Xp SP2
PHP: 4/5
Server: Apache 2
__________________
http://Yousha.Blog.ir/
Send a message via ICQ to Y.P.Y
Y.P.Y is offline   		Reply With Quote
The Following User Says Thank You to Y.P.Y For This Useful Post:
Yoosha (03-17-2010)
Old 04-25-2009, 11:22 AM   #2 (permalink)
Moderateur
RegEx Guru PHP Guru Top Contributor Advanced Programmer 
 
Salathe's Avatar
 
Join Date: Apr 2007
Posts: 1,393
Thanks: 5
Salathe is on a distinguished road
Default
Oh where to start.
  1. There is absolutely no need for the return since you call exit.
  2. Whilst they might "just work", the built-in magic constants should be uppercased: __FUNCTION__, __FILE__ and __LINE__.
  3. What is this all about: | -9999 . false . null . ThisIsNotAVariable .. As far as I can see it serves no practical purpose (and is the cause of your "bug").
  4. Personally, I think things would look much prettier with sprintf.

Now onto the "bug", which really isn't one. The root of the problem is that you use the "bitwise or" (|) operator which is playing around with the bits in your strings. It is basically taking the string before the | and "or"ing that with the string after it. The output will vary but given the following:
Code:
$_SERVER['SERVER_SOFTWARE'] = 'my server software';
basename(__FILE__)          = 'bug.php';
$Str_CalledFunction         = 'bug';
__LINE__                    = 3;
mysql_error()               = '';
ThisIsNotAVariable          = 'ThisIsNotAVariable';
Then the line will try to output the following expression:
Code:
'[my server software] [bug.php] [bug] [3] [' | '-9999ThisIsNotAVariable].'
The result, for this case, being:
Code:
}y9{uzw{sovuwarm}bg}o.php] [bug] [3] [
and for my local server (Apache/2.2.9 (Unix) PHP/5.3.0RC2-dev):
Code:
yyy{|mososntiWo{yibmo}ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.3.0RC2-dev mod_perl/2.0.2 Perl/v5.8.8] [bug.php] [fail] [9] [
Salathe is offline   		Reply With Quote
Old 04-25-2009, 11:39 AM   #3 (permalink)
The Wanderer
 
Join Date: Sep 2008
Location: Tehran - Iran
Posts: 6
Thanks: 35
Y.P.Y is on a distinguished road
Default
But i thinking this is a bug...
__________________
http://Yousha.Blog.ir/
Send a message via ICQ to Y.P.Y
Y.P.Y is offline   		Reply With Quote
The Following User Says Thank You to Y.P.Y For This Useful Post:
Yoosha (03-17-2010)
Old 04-25-2009, 11:41 AM   #4 (permalink)
Moderateur
RegEx Guru PHP Guru Top Contributor Advanced Programmer 
 
Salathe's Avatar
 
Join Date: Apr 2007
Posts: 1,393
Thanks: 5
Salathe is on a distinguished road
Default
It is not.
Salathe is offline   		Reply With Quote
Old 04-25-2009, 02:38 PM   #5 (permalink)
Orc
The Prestige
 
Orc's Avatar
 
Join Date: Dec 2007
Posts: 1,044
Thanks: 193
Orc is on a distinguished road
Default
Oh and I think you need to manage your code better, that's all jumbled into one place. :S
__________________
VillageIdiot can have my babbies ;d
Orc is offline   		Reply With Quote
Old 04-25-2009, 02:53 PM   #6 (permalink)
La Vida es Sueño
Advanced Programmer Top Contributor 
 
Wildhoney's Avatar
 
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
Wildhoney is on a distinguished road
Default
What is your intention? To attempt to break PHP? I think PHP will break you before you break PHP.
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
Send a message via AIM to Wildhoney Send a message via MSN to Wildhoney Send a message via Yahoo to Wildhoney
Wildhoney is offline   		Reply With Quote
Old 04-25-2009, 04:03 PM   #7 (permalink)
Wizard
Top Contributor 
 
Village Idiot's Avatar
 
Join Date: Sep 2007
Posts: 1,299
Thanks: 17
Village Idiot is on a distinguished road
Default
Quote:
Originally Posted by Y.P.Y View Post
But i thinking this is a bug...
It's not.

In programming, before you go yelling "bug!" you should know how it happened, why its a bug, and how it could be fixed. Otherwise you do not understand the issue and are therefore not qualified to assess if it is indeed a bug. At this point you simply do not understand the nature of the code, which may be because it one of the messiest pieces of code I've seen in a very long time. I can hardly read that.....

The reason you are getting these weird characters is because you are making bad conversions to a string. Since all data boils down to 0's and 1's, all data can be applied to all other data; you just won't get anything nice looking. I see you outputting the following:
1. Strings
2. Something typecasted to a string
3. Integers
4. Booleans (which are integers)
5. Strings with integer operations applied to them

With all that meshed into one output statement, I find it amazing you are surprised at the unreadable output.
__________________
Village Idiot is offline   		Reply With Quote
Old 04-25-2009, 06:02 PM   #8 (permalink)
The Frequenter
Zend Certified 
 
Join Date: Sep 2007
Location: Denmark
Posts: 352
Thanks: 8
Kalle is on a distinguished road
Default
Quote:
Originally Posted by Wildhoney View Post
What is your intention? To attempt to break PHP? I think PHP will break you before you break PHP.
This calls for #46156:
http://bugs.php.net/bug.php?id=46156


As for the replies;

Salathe, __FILE__ etc. is actually not constants, they are tokens and replaced at compile time:

PHP Code:
<?php
    class A
    {
        public function b()
        {
            $this instanceof __CLASS__;
        }
    }
?>
PHP will find the following tokens here (without the whitespace):
Code:
T_OPEN_TAG
T_CLASS
T_STRING
'{'
T_PUBLIC
T_FUNCTION
T_STRING
'('
')'
'{'
T_VARIABLE
T_INSTANCEOF
--> T_CLASS_C <--
';'
'}'
'}'
T_CLOSE_TAG
Because __CLASS__ here is a special (magic) compile time constant, you don't need to instanciate A and then call b to trigger this, simply run the script and PHP will give you an E_COMPILE_ERROR (I think it is) saying T_STRING, T_VARIABLE or $ is expected.


But for the "bug" itself, it comes from the bitwise operator and how ASCII characters are used in those operations. The expression you write:
PHP Code:
'[' $_SERVER['SERVER_SOFTWARE'] . '] [' basename(__file__) . '] [' . (string)$Str_CalledFunction '] [' __line__ '] [' mysql_error() | -9999 false null ThisIsNotAVariable '].' 
Will looks like this when all is concated before the bitwise OR operator is used:
PHP Code:
'[Apache/2.2.11 (Win32) PHP/5.3.0RC2-dev] [test.php] [] [6] [' . | . '-9999ThisIsNotAVariable]'
I'm not totally into bitwise operations and ASCII and how the 'weird' characters comes into the picture, but I'm sure it has a logical explanation =)
__________________
Send a message via MSN to Kalle Send a message via Skype™ to Kalle
Kalle is offline   		Reply With Quote
Old 04-25-2009, 06:14 PM   #9 (permalink)
Moderateur
RegEx Guru PHP Guru Top Contributor Advanced Programmer 
 
Salathe's Avatar
 
Join Date: Apr 2007
Posts: 1,393
Thanks: 5
Salathe is on a distinguished road
Default
Quote:
Originally Posted by Kalle View Post
Salathe, __FILE__ etc. is actually not constants, they are tokens and replaced at compile time:
I didn't say they were constants, I used the terminology associated with them in the manual and in common use by everyone: magic constants. I'm not entirely sure if you were correcting me, or teaching others. :
Salathe is offline   		Reply With Quote
Old 04-25-2009, 06:18 PM   #10 (permalink)
The Frequenter
Zend Certified 
 
Join Date: Sep 2007
Location: Denmark
Posts: 352
Thanks: 8
Kalle is on a distinguished road
Default
Quote:
Originally Posted by Salathe View Post
I didn't say they were constants, I used the terminology associated with them in the manual and in common use by everyone: magic constants. I'm not entirely sure if you were correcting me, or teaching others. :
I know the terminology in the manual says they are constants :P, but the manual doesn't explain much about compile time stuff which can be a useful insight while talking about them here, so I guess it was teaching :)
__________________
Send a message via MSN to Kalle Send a message via Skype™ to Kalle
Kalle is offline   		Reply With Quote
Old 04-25-2009, 06:44 PM   #11 (permalink)
Moderateur
RegEx Guru PHP Guru Top Contributor Advanced Programmer 
 
Salathe's Avatar
 
Join Date: Apr 2007
Posts: 1,393
Thanks: 5
Salathe is on a distinguished road
Default
Quote:
Originally Posted by Kalle View Post
I'm not totally into bitwise operations and ASCII and how the 'weird' characters comes into the picture, but I'm sure it has a logical explanation =)
The ASCII is treated just like a sequence of bytes. The weird characters are just those which aren't "printable" (around 1/4 of ASCII characters).

For example:

Code:
Apac = 01000001 01110000 01100001 01100011
9999 = 00111001 00111001 00111001 00111001
yyy{ = 01111001 01111001 01111001 01111011  ('Apac' | '9999')
Salathe is offline   		Reply With Quote
The Following User Says Thank You to Salathe For This Useful Post:
Kalle (04-25-2009)
Reply

« Previous Thread | Next Thread »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Output to PDF allworknoplay Advanced PHP Programming 23 04-03-2009 12:17 PM
Save output from foreach into an array Sam Granger Absolute Beginners 2 01-15-2009 02:07 AM
Unexpected characters in output Killswitch Absolute Beginners 2 12-20-2008 04:29 AM
PHP Security: Escape Output nuweb General 4 11-24-2008 08:00 PM
Smarty output buffering? Aaron Libraries & Extensions 4 08-13-2008 09:35 AM


All times are GMT. The time now is 01:40 AM.

 
     
Contact Us - TalkPHP - PHP Community - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Inactive Reminders By Icora Web Design