Bug 154832

Summary:	Formtransmitting with browsers are not correct
Product:	[openSUSE] SUSE LINUX 10.0	Reporter:	Michael Lanczak <mlmuit>
Component:	Firefox	Assignee:	E-mail List <bnc-team-mozilla>
Status:	RESOLVED FIXED	QA Contact:	E-mail List <qa-bugs>
Severity:	Normal
Priority:	P5 - None	CC:	mlmuit, suse-beta
Version:	unspecified
Target Milestone:	---
Hardware:	PC
OS:	SuSE Linux 10.0
Whiteboard:
Found By:	Component Test	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Michael Lanczak 2006-03-02 21:17:36 UTC

Please write following data and run 'ein.html' with the Firefox or Mozilla Browser. Write a text in the input fields (in this example 'Testtext senden' and 'passwort') and press the submit button for sending the data.
The data 'aus.php' will be called and the URL-row shows your input correct (in this example 'http://localhost/aus.php?buchtitel=Testtext+senden&pass=passwort&grossklein=angekreuzt&sprache=d' .
The data 'aus.php' must show this data on the screen (behind 'Eingabe war ' , 'Passwort = ' ...), but you see nothing!! 

A similar problem you have if you want to send form data with the command 
<form method="post/get" action="mailto:name@provider" name="xxx"> .
The appearing e-mail form is empty without any form data!

By using the php-commands '$HTTP_USER_AGENT', '$REMOTE_ADDR' and '$HTTP_REFERER' you see also nothing!

This experience you get with both browsers 'Mozilla' and 'Firefox'!!
(Is these a bug in YaST2, KDE, X11 ?)

Here the data:
Data 'ein.html':
<html>
<body>
  <form action="aus.php" method="get" name="buch">
    Bitte Text eingeben: <input type="text" name="buchtitel">
    <br/><br/>
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Passwort: <input type="password" name="pass">
    <br/><br/>
    <input type="checkbox" name="grossklein" checked value="angekreuzt">
    Gross- und Kleinschreibung
    <br/><br/>
    Bitte die Sprache der B&uuml;cher angeben:<br/>
    <input type="radio" name="sprache" checked value="d">Deutsch
    <input type="radio" name="sprache" value="e">English
    <input type="radio" name="sprache" value="a">Esperanto
    <br/><br/>

    <input type="reset" value="Eingabe l&ouml;schen">
    <input type="submit">
  </form>
</body>
</html>

Data 'aus.php':
URL-Adressrow shows:
http://localhost/aus.php?buchtitel=Testtext+senden&pass=passwort&grossklein=angekreuzt&sprache=d

<html>
<body>
  <?php
    phpinfo();
    printf("<br/><br/>");
    printf("<pre>Browser: %s",$HTTP_USER_AGENT);
    printf("<br/>Nutzer IP-Adresse: %s",$REMOTE_ADDR);
    printf("<br/>Aufruf von URL: %s</pre>",$HTTP_REFERER);
    printf("<br/><br/>");

    printf("<br/>Eingabe war %s <br/>",$buchtitel);
    printf("Passwort =%s <br/>",$pass);

    if($grossklein == "angekreuzt")
	{
	printf("Checkbox angekreuzt<br/>");
	}
    else
	{
	printf("Checkbox nicht angekreuzt<br/>");
	}

    switch($sprache)
	{
	case "d":  printf("Deutsch");break;
	case "e":  printf("Engish");break;
	case "a":  printf("Esperanto");break;
	default: printf("Deutsch");
	}
  ?>
<br/><br/>
<a href="ein.html">zur Eingabe</a>
</body>
</html>

Comment 1 Christian Boltz 2006-03-03 11:46:45 UTC

Did you ever hear about PHP's register_globals setting, it's possible security problems and why it was disabled?
If not: http://www.php.net/release_4_1_0.php

This bugreport is most probably invalid, but I let the maintainer decide this ;-)

Comment 2 Robert O'Callahan 2006-03-06 01:59:15 UTC

Why do you think this is a Mozilla bug and not a PHP bug? Have you tested it with other browsers?

Comment 3 Michael Lanczak 2006-03-07 11:34:40 UTC

Comment from Michael Lanczak:
A lot of thanks for your hint with the register_globals by http://www.php.net/release_4_1_0.php !!
But I must say, the data 'ein.html' and 'aus.php' are exercises by the newest edition(!) of a professional exercise book from a High-School for information science! 
This author possibly don't know anything about PHP register_globals at this time, so I also had no knowledge about PHP register_globals. So I understand, that this examples from my bug report can't not run either with the Mozilla-Browser or the Firefox-Browser! The last update with register_globals by www.php.net was Sat Mar 4 12:14:17 2006 PST!
I have revised the data 'ein.html' and 'aus.php' with this register_globals and all runs with both browsers.
So I will write to this author to correct his exercise book for the next, new edition.