PhpDig.net

Old 12-09-2003, 04:42 AM   #1
renehaentjens
Orange Mole
 
Join Date: Nov 2003
Posts: 69
Tiny unimportant bug with urldecode

In search_function.php (1.6.5) there is an urldecode in lines 80 and 90. I'm almost sure that these should be taken out. The web server does the urldecode for you...

The calls are harmless in 99.999% of the cases, but it is possible to construct a very artificial example where things go wrong.

You need a site where pages can contain words that contain two hex digits, for example 'E9X1', 'E9X2' etc.

Then, when you search with a query_string = % E 9 X (words begin) and find more hits than fit on one page, the first page of search results is OK (% is ignored as word separator) but you'll lose the rest when navigating to the second page of the search results.
__________________
René Haentjens, Ghent University
Old 12-10-2003, 09:31 AM   #2
Charter
Head Mole
 
Join Date: May 2003
Posts: 2,539
Hi. Can you give a link to the page containing hex digits and a link to the search page?
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension.
Old 12-11-2003, 12:26 AM   #3
renehaentjens
Orange Mole
 
Join Date: Nov 2003
Posts: 69
Here's the complete site

Here's the complete site. Just index it, search for "p f x - % E 9 X" (words begin) and navigate to the second page of search results to find them gone.

Quote:
<?php
if ($link = (get_magic_quotes_gpc()) ?
        stripslashes($_GET['link']) : $_GET['link'])
    // no (raw)urldecode needed here, that is automatically done for you
{
    echo '<h1>', htmlspecialchars($link), '</h1>';

    // mysql_query("SELECT `url` FROM `link_table` WHERE `link`='" .
    //     addslashes($link) . "'");
}
else
{
    echo '<h1>Links</h1><ul>';
    foreach (array("pfx-Apo'strophe", 'pfx-Quo"te', "pfx-Back\slash",
                   "pfx-Greater>than", "pfx-Less<than", "pfx-Amper&sand",
                   "pfx-coefficiënt", "pfx-façade", "pfx-tête-à-tête",
                   "pfx-%E9-01", "pfx-%E9-02", "pfx-%E9-03", "pfx-%E9-04",
                   "pfx-%E9-05", "pfx-%E9-06", "pfx-%E9-07", "pfx-%E9-08",
                   "pfx-%E9-09", "pfx-%E9-10", "pfx-%E9-11", "pfx-%E9-12",
                   "pfx-S p a c e")
             as $link)
    {
        echo '<li><a href="site.php?link=' . rawurlencode($link) . '">' .
            htmlspecialchars($link) . '</a></li>';
    }
    echo '</ul>';
}
?>
__________________
René Haentjens, Ghent University
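
To see which values a second decode alters, the following added example (not code from the posts above or from PhpDig) round-trips some of the test page's link texts through a URL. It assumes `parse_str()` as a stand-in for the decoding PHP applies before filling `$_GET`; the helper names and the `pfx-a+b` sample are made up for this illustration.

```php
<?php
// Added illustration, not PhpDig code.

// Stand-in for PHP's own request handling: parse_str() applies the same
// URL-decoding that PHP performs before it fills $_GET.
function value_from_request(string $rawQuery, string $key): string
{
    parse_str($rawQuery, $params);
    return isset($params[$key]) ? $params[$key] : '';
}

// Round-trip one value through a link and report what a second,
// redundant urldecode() does to it.
function check_double_decode(string $original): array
{
    $rawQuery = 'link=' . rawurlencode($original);     // as in the test page's href
    $once  = value_from_request($rawQuery, 'link');    // what $_GET['link'] holds
    $twice = urldecode($once);                         // the extra call
    return [
        'raw'       => $rawQuery,
        'once_ok'   => $once === $original,
        'twice_ok'  => $twice === $original,
        'twice_hex' => bin2hex($twice),
    ];
}

// Values taken from the test page in the post, plus one constructed value
// ("pfx-a+b") to show the plus sign, which urldecode() turns into a space.
$samples = ["pfx-Apo'strophe", 'pfx-Amper&sand', 'pfx-S p a c e',
            'pfx-%E9-01', 'pfx-a+b'];

foreach ($samples as $s) {
    $r = check_double_decode($s);
    printf("%-18s %-26s once:%-8s twice:%s\n", $s, $r['raw'],
        $r['once_ok'] ? 'same' : 'CHANGED',
        $r['twice_ok'] ? 'same' : 'CHANGED (' . $r['twice_hex'] . ')');
}
```

Only values that still contain a percent sign followed by two hex digits, or a plus sign, after the first decode are changed by the second one, which is why the extra call goes unnoticed for ordinary search terms.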
All times are GMT -8.