Comments (7)
from suhosin.
With a[]=&a[]=on the resulting $_POST['a'] should be array('', 'on'). The test case passes successfully with both PHP 5.5.30 and 5.6.16.
The various disallow_nul options make sure that strings do not contain the NUL-byte (\0).
from suhosin.
It's very strange. After I updated my server from PHP 5.5 to 5.6, Suhosin should have been updated too, but the ini configs were kept. After the update, all my applications that use forms like that started to fail. I was able to check that this was the problem: after I disabled Suhosin, it was back to normal.
Another possibility is that my Suhosin is outdated (compared to the GitHub version). Is that possible? Was there an issue like that at some point?
Lastly, can you just try it (locally)?
<form action="" method="post">
<input type="text" name="user[]" />
<input type="text" name="user[]" />
<input type="text" name="content[]" />
<input type="text" name="content[]" value="ok" />
</form>
It should return something like:
$_POST['user'] = ['', ''];
$_POST['content'] = ['', 'ok'];
As a last resort, I'll try to do it on a virtual machine based on my server settings -- it'll be hard, so I need to do it only as a last resort.
Thanks a lot!
from suhosin.
With Suhosin 0.9.38 on Debian/Apache2 it shows (correctly):
array(2) {
["user"]=>
array(2) {
[0]=>
string(0) ""
[1]=>
string(0) ""
}
["content"]=>
array(2) {
[0]=>
string(0) ""
[1]=>
string(2) "ok"
}
}
Please try to enable logging and see if any suhosin rule is altering the request:
suhosin.log.file=255
suhosin.log.file.name=/tmp/suhosin-debug.log
from suhosin.
@bef I did your test and these are the results:
Test code:
<?php
var_dump($_POST);
?>
<form method="post" action="">
<input type="text" name="a[]" value="" />
<input type="text" name="a[]" value="test" />
<input type="submit" />
</form>
Without suhosin:
array(1) { ["a"]=> array(2) { [0]=> string(0) "" [1]=> string(4) "test" } }
With suhosin:
array(1) { ["a"]=> array(1) { [0]=> string(4) "test" } }
Suhosin log:
Nov 30 02:49:32 [8449] ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'a[]'
Nov 30 02:49:32 [8449] ALERT - dropped 1 request variables - (0 in GET, 1 in POST, 0 in COOKIE)
Suhosin version: 0.9.36
PHP version: 5.6.15
I tried adding suhosin.request.disallow_nul=Off and it seems that it worked.
suhosin.cookie.disallow_nul=Off
suhosin.get.disallow_nul=Off
suhosin.post.disallow_nul=Off
suhosin.request.disallow_nul=Off ; this
The question now is: should it be default?
from suhosin.
The current version of Suhosin is 0.9.38 not 0.9.36 - what you describe is a known bug occurring in an older version of Suhosin.
from suhosin.
Well, I fixed it with these last settings, but it is important to test on 0.9.38 too without them. I'll look into how to update Suhosin and return to this topic. Thanks a lot!
from suhosin.
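The log excerpt quoted in the thread shows how a dropped form field surfaces: one ALERT line per dropped variable, then a per-request summary. The following is an added example, not part of the thread or of Suhosin, that triages such a log to show which variables are being dropped and why. It assumes the two line shapes quoted above and that detail lines precede their summary under the same PID; the function name and all sample lines after the first two are constructed.

```python
import re
from collections import Counter, defaultdict

# Line shapes taken from the log excerpt quoted in the thread.
PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \[(?P<pid>\d+)\] ALERT - "
DROPPED_VAR = re.compile(PREFIX + r"(?P<reason>.+?) - dropped variable '(?P<var>[^']*)'")
SUMMARY = re.compile(
    PREFIX + r"dropped (?P<n>\d+) request variables? - "
    r"\((?P<get>\d+) in GET, (?P<post>\d+) in POST, (?P<cookie>\d+) in COOKIE\)"
)

# The first two lines come from the thread; the rest are constructed sample data.
SAMPLE_LOG = """\
Nov 30 02:49:32 [8449] ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'a[]'
Nov 30 02:49:32 [8449] ALERT - dropped 1 request variables - (0 in GET, 1 in POST, 0 in COOKIE)
Nov 30 02:51:10 [8450] ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'user[]'
Nov 30 02:51:10 [8450] ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'user[]'
Nov 30 02:51:10 [8450] ALERT - dropped 2 request variables - (0 in GET, 2 in POST, 0 in COOKIE)
Nov 30 02:52:00 [8451] ALERT - dropped 1 request variables - (1 in GET, 0 in POST, 0 in COOKIE)
"""

def triage(log_text):
    """Count dropped variables by (name, reason) and flag summaries lacking detail lines."""
    by_var = Counter()          # (variable, reason) -> number of drops
    pending = defaultdict(int)  # pid -> detail lines seen since that pid's last summary
    totals = Counter()          # GET / POST / COOKIE totals from summary lines
    unexplained = []            # summaries whose count does not match the detail lines
    for line in log_text.splitlines():
        m = SUMMARY.match(line)
        if m:
            for src in ("get", "post", "cookie"):
                totals[src.upper()] += int(m[src])
            seen = pending.pop(m["pid"], 0)
            if seen != int(m["n"]):
                unexplained.append((m["ts"], m["pid"], int(m["n"]), seen))
            continue
        m = DROPPED_VAR.match(line)
        if m:
            by_var[(m["var"], m["reason"])] += 1
            pending[m["pid"]] += 1
    return by_var, totals, unexplained
```

A variable name ending in `[]` that is repeatedly dropped for the NUL reason matches the empty-array-element symptom reported in this thread; entries in `unexplained` point at log lines that were lost or truncated.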