#47701 [NEW]: print_r sends output when $return set to true if memory limit is reached

Tue, 17 Mar 2009 19:37:42 -0700 

From:             paul at paulmcgarry dot com
Operating system: Linux
PHP version:      5.2.9
PHP Bug Type:     Unknown/Other Function
Bug description:  print_r sends output when $return set to true  if memory 
limit is reached

Description:
------------
This relates to Bug #47020 which I believe has incorrectly set to 
bogus.

I have been using print_r() while processing $errcontext in an error 
handling function, ie one registered with set_error_handler()

It seems that when print_r() hits the memory limit it exposes my 
entire error context to the user.

print_r having a failure mode where it exposes potentially private 
data to the user is a security issue.

If it can't be fixed easily then it should be documented.








-- 
Edit bug report at http://bugs.php.net/?id=47701&edit=1
-- 
Try a CVS snapshot (PHP 5.2):        
http://bugs.php.net/fix.php?id=47701&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):        
http://bugs.php.net/fix.php?id=47701&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):        
http://bugs.php.net/fix.php?id=47701&r=trysnapshot60
Fixed in CVS:                        
http://bugs.php.net/fix.php?id=47701&r=fixedcvs
Fixed in CVS and need be documented: 
http://bugs.php.net/fix.php?id=47701&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=47701&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=47701&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=47701&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=47701&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=47701&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=47701&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=47701&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=47701&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=47701&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=47701&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=47701&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=47701&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=47701&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=47701&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=47701&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=47701&r=mysqlcfg

Reply via email to