From: [EMAIL PROTECTED]
Operating system: RH 7.2
PHP version: 4.1.2
PHP Bug Type: Apache related
Bug description: Some predefined variables allow GET overwrite
It is possible to overwrite some predefined variables using GET URI
variables (also, I would imagine, POST vars, but it's harder to test for
those). Consider the following as foo.php:
<?php
// Predefined variables to read from the global scope
$varlist = array('DOCUMENT_ROOT',
                 'GATEWAY_INTERFACE',
                 'HTTP_ACCEPT',
                 'HTTP_ACCEPT_CHARSET',
                 'HTTP_ACCEPT_ENCODING',
                 'HTTP_ACCEPT_LANGUAGE',
                 'HTTP_CONNECTION',
                 'HTTP_COOKIE_VARS',
                 'HTTP_ENV_VARS',
                 'HTTP_GET_VARS',
                 'HTTP_HOST',
                 'HTTP_POST_FILES',
                 'HTTP_POST_VARS',
                 'HTTP_REFERER',
                 'HTTP_SERVER_VARS',
                 'HTTP_USER_AGENT',
                 'PATH_TRANSLATED',
                 'PHP_SELF',
                 'QUERY_STRING',
                 'REMOTE_ADDR',
                 'REMOTE_PORT',
                 'REQUEST_METHOD',
                 'REQUEST_URI',
                 'SCRIPT_FILENAME',
                 'SERVER_ADMIN',
                 'SERVER_NAME',
                 'SERVER_PORT',
                 'SERVER_PROTOCOL',
                 'SERVER_SIGNATURE',
                 'SERVER_SOFTWARE');
// Print each name with the value of the global variable of that name
foreach ($varlist as $i)
    print "$i = '".${$i}."'<br>\n";
?>
=============
If I now invoke http://www.foo.com/foo.php?HTTP_ACCEPT_CHARSET=blarg or
http://www.foo.com/foo.php?HTTP_REFERER=blarg, I get "blarg" for either of
those variables, rather than the value that should have been there from
Apache and/or PHP.
--
Edit bug report at http://bugs.php.net/?id=16052&edit=1
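
A check for the condition this report describes, as an added example that is not part of the original report or of PHP's own code: it compares the global-scope copy of each predefined variable with the server-supplied value and with the request inputs, and reports any name where a request parameter has taken the variable's place. The function name, the sample arrays and the addresses are constructed for illustration, and the syntax assumes a current PHP CLI (PHP 7 or later).

```php
<?php
// Added example: names and sample data are constructed, not from the report.

/**
 * Report predefined variables whose global-scope copy no longer matches
 * the server-supplied value and instead equals a request parameter.
 *
 * $names    variable names to check (e.g. the $varlist from foo.php)
 * $server   server-supplied values (what $_SERVER normally holds)
 * $sources  request inputs keyed by a label, e.g. 'GET' => $_GET
 * $globals  global-scope values as a script sees them
 */
function find_shadowed_vars(array $names, array $server, array $sources, array $globals): array
{
    $findings = [];
    foreach ($names as $name) {
        if (!array_key_exists($name, $globals)) {
            continue; // not present as a global, nothing to compare
        }
        $trusted = $server[$name] ?? null;
        if ($globals[$name] === $trusted) {
            continue; // global still carries the server value
        }
        foreach ($sources as $label => $input) {
            if (array_key_exists($name, $input) && $input[$name] === $globals[$name]) {
                $findings[] = ['name' => $name, 'source' => $label,
                               'server' => $trusted, 'seen' => $globals[$name]];
                break;
            }
        }
    }
    return $findings;
}

// Constructed sample modelling foo.php?HTTP_REFERER=blarg from the report.
$server  = ['HTTP_REFERER' => 'http://www.foo.com/index.php',
            'REMOTE_ADDR' => '192.0.2.10', 'SERVER_NAME' => 'www.foo.com'];
$get     = ['HTTP_REFERER' => 'blarg'];
$globals = ['HTTP_REFERER' => 'blarg',
            'REMOTE_ADDR' => '192.0.2.10', 'SERVER_NAME' => 'www.foo.com'];

$names = ['HTTP_REFERER', 'REMOTE_ADDR', 'SERVER_NAME'];
foreach (find_shadowed_vars($names, $server, ['GET' => $get], $globals) as $f) {
    printf("%s: global is '%s' (from %s), server value is '%s'\n",
           $f['name'], $f['seen'], $f['source'], $f['server']);
}
```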