Copying a function variable makes it forget that it was a reference. This is with PHP 5.3.10 (latest in Ubuntu Precise).
Demo-code:
```php
<?php
header('Content-Type: text/plain');
$string = '[email protected]';
echo "input: ".$string."\n";
echo "expected result: @bar.com\n-----\n\n";

taint($string);
checkEmailAddress($string);
untaint($string);
checkEmailAddress($string);

function checkEmailAddress($address) {
    if ( is_tainted($address) ) {
        echo "with tainted variable:\n";
    } else {
        echo "with normal variable:\n";
    }
    $ret = getAddressSpec($address);
    echo "RESULT: ";
    var_dump($address);
    echo "\n\n";
}

function getAddressSpec(&$at) {
    echo "BEFORE CHANGE: ";
    var_dump($at);
    // This line is the problem. It works for tainted variables if we remove it.
    $oldat = $at;
    // Change contents of reference
    $at = '@bar.com';
    echo "AFTER CHANGE IN SAME FUNCTION: ";
    var_dump($at);
}
?>
```
You'll see that the result of checkEmailAddress changes if we change the 'taintedness' of the variable given to the function.
Output for 5.3.10:
```
input: [email protected]
expected result: @bar.com
-----
with tainted variable:
BEFORE CHANGE: &string(11) "[email protected]"
AFTER CHANGE IN SAME FUNCTION: string(8) "@bar.com"
RESULT: string(11) "[email protected]"
with normal variable:
BEFORE CHANGE: string(11) "[email protected]"
AFTER CHANGE IN SAME FUNCTION: string(8) "@bar.com"
RESULT: string(8) "@bar.com"
```