Fwd: Mangled Data

---------- Forwarded message ---------
From: Glash Gnome <glash.gnome@xxxxxxxxx>
Date: Tue, Oct 19, 2021 at 06:00
Subject: Re: Mangled Data
To: <john.iliffe@xxxxxxxxx>


Hello,

PHP files are valid XML format (shouldn't they be?).

<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet  href="" title="This is a XML Processing Instruction tag used by Agent Webbrowser" ?>
<?php "This is a XML Processing Instruction used by the Agent PHP"; ?>
<?php-echo "This Processing Instruction is well-formed, but ignored by php." ?>
<?echo "PHP does not process this instruction... " ?>
<?print "PHP does not process this instruction... " ?>
<?write "PHP does not process this instruction... " ?>
<?: "PHP does not process this instruction... " ?>
<? "PHP does not process this instruction... " ?>

<?= "The php Short Tag is depreciated. Maybe because this is an invalid XML Processing Instruction name" ?>

@see : https://www.w3.org/TR/xml/#dt-pi (W3C Recommendation 26 November 2008).
@see : https://www.php.net/manual/en/language.basic-syntax.phptags.php

-------------------------

One last thing: I think there is a misunderstanding

What I find strange on lines 4, 5 and 6 is the recursion of data decoding.
$line = json_decode($_POST['trans'], ....
$item = json_decode($line[0], ....

Why?

Best regards,

On Sun, Oct 17, 2021 at 23:42, John <john.iliffe@xxxxxxxxx> wrote:
Thanks for your prompt response.

It isn't quite that obvious because the internal JSON is already an array, but I think the following will accomplish what you need.  I have annotated the code and result.

This has to be run in two steps because the data that gets mangled is being passed through to another script.  It doesn't change in this script except to be copied to the form.  All of the validations (see below) show that the incoming data is valid.

First, here is the entire script that I used for the script #1 test.  I numbered the lines so I could refer to them in the output.

-----
// test starts here
1. echo("<br /> start of var_dump<br /> <br /><hr><br />");
2. var_dump($_POST['trans']);
3. echo "<br /> <br />Start decode record array<br />";
4. $line = json_decode($_POST['trans'],true,512,JSON_INVALID_UTF8_IGNORE);
5. var_dump(json_decode($line[0],true));
6. $item = json_decode($line[0],true,512,JSON_INVALID_UTF8_IGNORE);
7. var_dump(json_decode($item[0],true));
8. echo "<br /> <br /><hr><br/>Decode item<br />";
9. echo "<br />i_qty: " . $item['i_qty'] . "<br />";
10. echo "i_name: " . $item['i_name'] . "<br /> <hr><br />";

11. echo("<br /><br /><hr><br />Start of echo of actual data received<br />");
12. $data = "">
13. echo "<br />" . $data . "<br /> <br /><hr><br />";
// test ends here

-----
Start with the incoming transaction JSON from the previous script:

line 1 demonstrates that there is incoming JSON data and that it can be dumped.  Here is the output of the var_dump command:

-------
string(248) "["{\"i_code\":20,\"i_qty\":1,\"i_name\":\"Canadian Amateur Radio Basic Qualification Study Guide\",\"i_price\":\"44.95\"}","{\"i_code\":18,\"i_qty\":1,\"i_name\":\"Canadian Amateur Radio Advanced Qualification Study Guide\",\"i_price\":\"44.95\"}"]" 
-------

Now I take the first line of the incoming array and json_decode it to get the associative array in lines 4 and 5:

Start decode record array
---------
array(4) { ["i_code"]=> int(20) ["i_qty"]=> int(1) ["i_name"]=> string(54) "Canadian Amateur Radio Basic Qualification Study Guide" ["i_price"]=> string(5) "44.95" } NULL 
-------

Now display the associative array in lines 6 - 10 giving:

-----------
Decode item

i_qty: 1
i_name: Canadian Amateur Radio Basic Qualification Study Guide
----------- 

So, at this point, all works as expected.  Just for completeness, here is the un-decoded JSON string that is being passed in (lines 11 - 13):

------------
Start of echo of actual data received

["{\"i_code\":20,\"i_qty\":1,\"i_name\":\"Canadian Amateur Radio Basic Qualification Study Guide\",\"i_price\":\"44.95\"}","{\"i_code\":18,\"i_qty\":1,\"i_name\":\"Canadian Amateur Radio Advanced Qualification Study Guide\",\"i_price\":\"44.95\"}"]
------------

The incoming data is passed without modification to the form (second line from end of form):

------------
<form method="POST" name="order" id="order" onSubmit="finished()" action="">
<input type="hidden" name="addr" id="addr" value="">
<input type="hidden" name="trans1" id="trans1" value= <?php echo $data ?> >
</form>
------------

Now I invoke the submit method of the form.  The result is displayed in the following script, although I used JavaScript to show that the data in the form is wrong already.

--------------
1. if (isset($_POST['trans1']))
2. {
3.  $ord_jdata = $_POST['trans1'];
4.  echo "<br/><hr><br /> <br />" . $ord_jdata . "<br /> <hr> <br />";
5.  var_dump(json_decode($ord_jdata),true,512,JSON_INVALID_UTF8_IGNORE);
6.  echo "<br /> <br /><hr><br /> <br />";

7.  exit;
--------------

The result is the mangled data that I don't understand why, and is the same as what I saw in the previous script when I displayed submission using JavaScript:

First, get the data as a string in lines 3 and 4 because it isn't valid JSON so won't decode.
------------
["{\"i_code\":20,\"i_qty\":1,\"i_name\":\"Canadian
------------

Note that the string is terminated at the first X20 " " character.  Now, here is the attempted decode of the incoming data from line 5:

--------------------
NULL bool(true) int(512) int(1048576) 
--------------------

The salient point, so far as I can see, is that the only string variable is being chopped into separate blocks at each word break, i.e. each X20 " " character, and treated as separate null parameters.  If I try to retrieve the data with these words as data names I get:

--------------
NULL NULL NULL NULL 
--------------

So I broke something here because previously they showed up as separate variables but since the problem is already displayed I dropped the debugging there.

Please let me know if there is anything else that might show what's wrong here.

Regards, 

John
=====================

On Sat, 2021-10-16 at 05:43 +0200, Glash Gnome wrote:
Hello,

Can you modify this example to show the issue?
<?php
//var_dump($_POST);
if (isset($_POST['data'])) {
    var_dump($_POST['prop']);
    var_dump(json_decode($_POST['prop-a']));
    var_dump(json_decode($_POST['prop-b']));
}
?>
<html>
<form method="post">
    <input name="prop[]" value="This" />
    <input name="prop[]" value="Is" />
    <input name="prop[]" value='"Array"' />
    <input name="prop-a" value="Hello" id="element" />
    <textarea name="prop-b" rows="4" cols="50" >{ "a": "str='hello'", "b": 2 }</textarea>
    <input name="data" value='"Submit !"' type="submit"/>
</form>
<script type="text/javascript">
    let playlist = {
        'DADJU & ANITTA' : "let's go \"mon soleil\"",
    };
    var elt = document.getElementById('element');
    elt.value = JSON.stringify(playlist);
</script>
</html>
Regards,
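
-------------------------
Added example (not part of the original thread, and not code from either correspondent): the hidden field in John's form is written as value= <?php echo $data ?> with no quotes and no escaping, and an HTML parser ends an unquoted attribute value at the first whitespace, which matches the truncation at "Canadian". The script below rebuilds the payload from constructed sample data, parses the field once as posted and once quoted and passed through htmlspecialchars(), and reports what survives; parsedValue() is a hypothetical helper and PHP's DOM extension is assumed to be available. Escaping for the attribute context also keeps a quote or angle bracket in posted data from being interpreted as markup.

```php
<?php
// Added example: $items is constructed sample data mirroring the thread's payload.
$items = [
    ['i_code' => 20, 'i_qty' => 1,
     'i_name' => 'Canadian Amateur Radio Basic Qualification Study Guide',
     'i_price' => '44.95'],
    ['i_code' => 18, 'i_qty' => 1,
     'i_name' => 'Canadian Amateur Radio Advanced Qualification Study Guide',
     'i_price' => '44.95'],
];
// Same shape as $_POST['trans']: a JSON array whose elements are JSON strings.
$data = json_encode(array_map('json_encode', $items));

// Hypothetical helper: parse a form fragment as an HTML parser would and
// return the value it assigns to the trans1 field.
function parsedValue(string $inputTag): string
{
    libxml_use_internal_errors(true); // malformed markup raises parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body><form>' . $inputTag . '</form></body></html>');
    libxml_clear_errors();
    foreach ($doc->getElementsByTagName('input') as $input) {
        if ($input->getAttribute('name') === 'trans1') {
            return $input->getAttribute('value');
        }
    }
    return '';
}

// As in the thread: raw data, no quotes around the attribute value.
$asPosted = '<input type="hidden" name="trans1" id="trans1" value= ' . $data . ' >';
// Corrected: quoted attribute, value escaped for the HTML attribute context.
$escaped  = '<input type="hidden" name="trans1" id="trans1" value="'
          . htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';

foreach (['as posted' => $asPosted, 'escaped' => $escaped] as $label => $tag) {
    $value = parsedValue($tag);
    $outer = json_decode($value, true);   // null when the value was cut short
    // Second decode: each element of the outer array is itself a JSON string.
    $names = is_array($outer)
        ? array_map(fn($s) => json_decode($s, true)['i_name'] ?? null, $outer)
        : [];
    printf("%-9s | intact: %s | value length: %d | item names: %s\n",
        $label, var_export($value === $data, true), strlen($value),
        json_encode($names));
}
```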

