Menu

#3885 (ok 4.1.4) display_binary_as_hex option causes unexpected behavior

4.0.0
fixed
Marc Delisle
None
1
2015-01-12
2013-04-19
Tim Fennis
No

A while ago my colleague submitted a patch that introduced the display_binary_as_hex option. The patch was accepted by the PhpMyAdmin dev team. It seems though that at some point changes have been made to the source code that introduce a bug that causes binary values to not be displayed correctly.

// Current source found in DisplayResults.class.php @ line 3900 (4.0.0)
if ($_SESSION['tmp_user_values']['display_binary_as_hex']
     && PMA_Util::containsNonPrintableAscii($column)
) {
    $column = bin2hex($column);
} else {
    $column = htmlspecialchars(
        PMA_Util::replaceBinaryContents(
            $column
        )
    );
}

The origional version never included the added PMA_Util::containsNonPrintableAscii($column) check. If the user enabled the display_binary_as_hex option than you NEVER want to show the binary data anyways (just because it's supposed to be printable).

But it gets even worse. It turns out about 10% of my UUID's pass the PMA_Util::containsNonPrintableAscii($column) check. But when this UUID is passed to the htmlspecialchars function all the data gets deleted because the function is unable to convert the binary data to HTML special chars.

I have 2 propositions:

  1. If the user has the display_binary_as_hex option set, then ALWAYS display the value as is
  2. If the option is disabled than use PHP's latest htmlspecialchars update to show the non-printable characters as block as described in this article.

for some reason a list cannot be followed by code on sourceforge

if ($_SESSION['tmp_user_values']['display_binary_as_hex']) {
    $column = bin2hex($column);
} else {
    $column = htmlspecialchars(
        PMA_Util::replaceBinaryContents(
            $column,
            ENT_SUBSTITUTE //Only works in PHP 5.4
        )
    );
}

Note: We believe a plausible reason for the introduction of this bug is that htmlspecialchars behavior has changed. I cannot find any evidence for this but we believe the origional behavior ignored invalid characters.

Discussion

  • Marc Delisle

    Marc Delisle - 2013-04-20
    • Group: 3.3.7 --> 4.0.0
     

  • J.M. Rütter

    J.M. Rütter - 2013-04-28
    • assigned_to: J.M.
     

  • Laurent DELAGE

    Laurent DELAGE - 2013-05-16

    Seems that this patch cause another problem.

    On milestone 4.0.1, php5.3, when a column is set to collate utf8-bin, data is always displayed as hexadecimal, whatever the value of display_binary_as_hex is.

    Looking at libraries/DisplayResults.class.php, line 5941, if php version is < 5.4, then bin2hex is called every time.

    The check is done because of no existence of ENT_SUBSTITUTE in 5.3, but i think a call without this constant is better than inconditionnel call to bin2hex.

     

  • J.M. Rütter

    J.M. Rütter - 2013-12-27
    • assigned_to: J.M. --> nobody
     

  • Marc Delisle

    Marc Delisle - 2014-01-03

    Tim,
    can you show me your table's structure and tell me on which PHP version you are?

     

  • Marc Delisle

    Marc Delisle - 2014-01-03
    • assigned_to: Marc Delisle
     

  • Marc Delisle

    Marc Delisle - 2014-01-04
    • summary: display_binary_as_hex option causes unexpected behavior --> (ok 4.1.4) display_binary_as_hex option causes unexpected behavior
    • status: open --> resolved
    • Priority: 5 --> 1
     

  • Marc Delisle

    Marc Delisle - 2014-01-07
    • Status: resolved --> fixed
     
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.