サクサク読めて、アプリ限定の機能も多数!
トップへ戻る
体力トレーニング
bugs.php.net
Apache2 related Security Reported by varma.prashanth@... Thu, 05 Jul 2018 15:47:26 +0000 PHP: Any, OS: Any Description: ------------ Because of (Transfer-Encoding: Chunked) header php is echoing the body as response. This exploit doesn't need any authentication and can be exploited via POST request. XSS tested on current versions of Chrome and Firefox Quantum. > This vulnerability is tested on apa
HTTP related Security Reported by liushusheng@... Fri, 03 Apr 2015 07:16:01 +0000 PHP: Irrelevant, OS: all Description: ------------ PHP Multipart/form-data remote dos Vulnerability Author: Shusheng Liu, The Department of Security Cloud, Baidu,China 1. Description: PHP is vulnerable to a remote denial of service, caused by repeatedly allocate memory、concatenate string、copy string and free memory w
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login go to bug id or search bugs for Showing 1-80 of 498 Show Next 80 Entries » ID# Date Last Modified Package Type Status PHP Version OS Summary Assigned 81746 (edit) 2023-01-20 22:19 UTC 2023-02-13 04:40 UTC *Directory/Filesystem functions Sec Bug Closed 8.0.27 Linux 1-byte array overru
Noticing PHP crashes There's no absolute way to know that PHP is crashing, but there may be signs. Typically, if you access a page that is always supposed to generate output (has a leading HTML block, for example), and suddenly get "Document contains no data" from your browser, it may mean that PHP crashes somewhere along the execution of the script. Another way to tell that PHP is crashing is by
Math related Bug Reported by endosquid@... Fri, 08 Jan 2010 19:13:41 +0000 PHP: 5.3.1, OS: Linux 32 bit Description: ------------ php -r 2>/dev/null 'print number_format("",0) . "\n";' on our old PHP 5.1.6 Solaris 8 box (that we are transitioning off of) returns 0. Now, we're testing our code, and we run into this behavior change: php -r 2>/dev/null 'print number_format("",0) . "\n";' on our new R
Unknown/Other Function Bug Reported by peter.ritt@... Sat, 16 Apr 2011 20:07:43 +0000 PHP: 5.3.6, OS: linux Description: ------------ comparison of strings using == shows wrong results when both strings are numbers (digits) around PHP_MAX_INT; the same comparison using === works correctly; tested on 64 bit systems only, affects also PHP 5.3.5 Test script: --------------- $a = '9223372036854775807'
Date/time related Bug Reported by olemarkus@... Thu, 12 Jan 2012 09:08:22 +0000 PHP: 5.3.9, OS: Gentoo Linux Description: ------------ PHP error log no longer respects timezone and always logs in UTC. Setting error_log to a filesystem path and date.default_timezone to e.g Europe/Oslo gives the following log lines in 5.3.8: [12-Jan-2012 10:02:38] PHP Notice: Undefined variable: foo in /home/htdocs/
Scripting Engine problem Bug Reported by tomek@... Wed, 15 Feb 2012 15:32:20 +0000 PHP: 5.3.10, OS: Windows XP Description: ------------ These echoes 4: echo (0x00+2); echo (0x00+0x02); but they should echo 2! This echoes 2 as expected: echo (0x00 + 2); Test script: --------------- echo (0x00+2); Expected result: ---------------- 2 Actual result: -------------- 4
[2010-09-14 02:46 UTC] galaxy dot mipt at gmail dot com Description: ------------ Performance of built-in unserializer degrades at unexpectedly high rate with the increase of unserialized data size (rather, with number of serialized items). Say, unserializing a plain array of ~1000000 integers might take somewhat 10 secs on average P4 machine, and the worst part is that the time raises quadratical
PHP Bug Tracking System Before you report a bug, please make sure you have completed the following steps: Used the form above or our advanced search page to make sure nobody has reported the bug already. Make sure you are using the latest stable version or a build from Git, if similar bugs have recently been fixed and committed. Read our tips on how to report a bug that someone will want to help f
*Encryption and hash functions Bug Reported by jo@... Wed, 17 Aug 2011 13:03:20 +0000 PHP: 5.3.7RC5, OS: Linux Description: ------------ If crypt() is executed with MD5 salts, the return value conists of the salt only. DES and BLOWFISH salts work as expected. I tested with php from openSUSE PHP5 repository > php -v PHP 5.3.7RC6-dev (cli) > rpm -q php5 php5-5.3.6.201108112132-94.1.x86_64 Test scrip
Math related Bug Reported by exploringbinary@... Thu, 30 Dec 2010 06:58:41 +0000 PHP: 5.3.4, OS: Description: ------------ If I assign the value 2.2250738585072011e-308 to a variable, e.g. $d = 2.2250738585072011e-308, PHP hangs (loops). I am using PHP 5.3.1 XAMPP 1.7.3 on Windows. 2.2250738585072011e-308 represents the largest subnormal double-precision floating-point number, 0.111111111111111111
*General Issues Bug Reported by dh123lh1@... Sun, 25 Jul 2010 06:21:01 +0000 PHP: Irrelevant, OS: windows 7 home premium Home thea Description: ------------ where its supposed to pay off the farmvill Iqtest and tell me my resultsI got this instead of my million farmville coins, i have done this Iq test please pay my million coins in facebooks farmville http://www.quizulous.com/toolbar/newaccount/c
Strings related Bug Reported by hello@... Tue, 06 Oct 2009 11:40:05 +0000 PHP: 5.3.0, OS: * Description: ------------ Suppose htmlspecialchars() should check byte sequence more strictly for security reasons. An XSS exploit code has been unveiled. http://d.hatena.ne.jp/t_komura/20091004/1254665511 [ja] I wrote a primitive patch. http://iwamot.com/misc/html.c.patch.20091006 I don't know whether it i
Strings related Bug Reported by hello@... Thu, 08 Oct 2009 14:15:55 +0000 PHP: 5.3.2-dev, OS: * Description: ------------ PHP 5 ChangelLog says "Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences." http://www.php.net/ChangeLog-5.php#5.2.5 But it has not been fixed in reality. Please correct the log, or investigate my patch. http://iwamot.com/misc/html.c.patch.20091008 Re
Reproducible crash Bug Reported by iwannalive@... Tue, 23 Jun 2009 23:46:57 +0000 PHP: 5.3.0RC4, OS: All Description: ------------ PHP 5.3 includes goto. This is a problem. Seriously, PHP has made it this far without goto, why turn the language into a public menace? Reproduce code: --------------- <?php goto a; echo 'Foo'; a: echo 'Bar'; ?> Expected result: ---------------- The world will end. Act
このページを最初にブックマークしてみませんか?
『PHP :: Bugs homepage』の新着エントリーを見る
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く