It was reported [1],[2] that PHP would accept filenames with a NULL character in the string, and silently truncate anything after the NULL character. This could lead to unexpected results and could possibly disclose the existence of certain system files. This was initially reported against the file_exists() function, but a number of other functions were changed to prevent PHP from considering paths with a NULL character as being valid [2].<br />
<br />
This has been corrected in the upstream 5.3.4 release [3].<br />
<br />
[1] <a href="http://bugs.php.net/39863">http://bugs.php.net/39863</a> [<a href="http://bugs.php.net/39863" target="_blank">^</a>]<br />
[2] <a href="http://www.madirish.net/?article=436">http://www.madirish.net/?article=436</a> [<a href="http://www.madirish.net/?article=436" target="_blank">^</a>]<br />
[3] <a href="http://svn.php.net/viewvc/?view=revision&revision=305507">http://svn.php.net/viewvc/?view=revision&revision=305507</a> [<a href="http://svn.php.net/viewvc/?view=revision&revision=305507" target="_blank">^</a>]<br />
[4] <a href="http://www.php.net/archive/2010.php#id2010-12-10-1">http://www.php.net/archive/2010.php#id2010-12-10-1</a> [<a href="http://www.php.net/archive/2010.php#id2010-12-10-1" target="_blank">^</a>]<br />
<br />
This issue can potentially impact sane PHP code and is not limited to safe_mode / open_basedir restrictions.
↧
