Variable to an integer type.
Syntax: int intval (mixed var, int [base]);
return value: Integer
Function type: PHP system function
Content Description
This function converts a variable to an integer type. The parameter base that can be omitted is the base of the transformation, and the default value is 10. The converted variable var can be an array or any type of variable other than the class.
Analysis of security vulnerabilities using improper intval ()
The Intval function has an attribute of: "Until the number or sign symbol to start the conversion, and then encounter non-numeric or end of the string () conversion", in some applications due to the Intval function This feature is not known enough, the use of errors leads to bypass some security judgments lead to security vulnerabilities.
Second, analysis
| The code is as follows | |
| Php_ FUNCTION (intval) { Zval **num, **arg_base; Int base; Case 1: If (ZEND_GET_PARAMETERS_EX (1, &num) = = failure) { Wron G_param_count; } Base = ten; Break; Case 2: If (ZEND_GET_PARAMETERS_EX (2, &num, &arg_base) = = failure) { Wrong_param_count; } Convert_to_long_ex (arg_base); Base = z_lval_pp (Arg_base); Break; Default: Wrong_param_count; } Retval_zval (*num, 1, 0); Convert_to_long_base (Return_value, base); } Zend/zend_operators.c->>convert_to_long_base () ... Case is_string: Strval = z_strval_p (OP); Z_lval_p (OP) = Strtol (Strval, NULL, base); Str_free (strval); Break; |
|
When the Intval function accepts a string parameter that calls Convert_to_long_base () processing, the next call is Z_lval_p (OP) = Strtol (Strval, NULL, Base), and the parameters are processed by the Strtol function.
The function prototype is as follows:
Long int strtol (const char *nptr,char **endptr,int base);
This function converts the parameter nptr string based on the parameter base to the number of growth integers, the parameters base range from 2 to 36, or 0. Parameter base represents the method used, such as the base value of 10 is 10, if the base value of 16 is 16.
The process is:
Strtol () scans the parameter nptr string and skips the preceding space character until it encounters a number or positive sign to begin the conversion, and then ends the conversion at the end of a non-numeric or string () and returns the result.
Then when the intval is used in the judgment of if, it will cause this judgment to be meaningful, and thus lead to security vulnerabilities.
Third, test code
| The code is as follows | |
| <?php Output results: Intval (0.2) = 0 false |
|
The difference between PHP intval and int
| code is as follows | |
| $t = ' 165 '; Echo GetType ((int) ($t)); //Output result: integer integer value:165 Echo GetType ((int) ($t)); //result integer integer value:0,0 $string = "2a"; |
|
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
