ID: 16052
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Open
+Status: Bogus
Bug Type: Apache related
Operating System: RH 7.2
PHP Version: 4.1.2
New Comment:
read the manual on "variables_order"
Previous Comments:
------------------------------------------------------------------------
[2002-03-13 17:52:15] [EMAIL PROTECTED]
It is possible to overwrite some predefined variables using GET URI
variables (also, I would imagine, POST vars, but it's harder to test
for those). Consider the following as foo.php:
<?
$varlist = array('DOCUMENT_ROOT',
'GATEWAY_INTERFACE',
'HTTP_ACCEPT',
'HTTP_ACCEPT_CHARSET',
'HTTP_ACCEPT_ENCODING',
'HTTP_ACCEPT_LANGUAGE',
'HTTP_CONNECTION',
'HTTP_COOKIE_VARS',
'HTTP_ENV_VARS',
'HTTP_GET_VARS',
'HTTP_HOST',
'HTTP_POST_FILES',
'HTTP_POST_VARS',
'HTTP_REFERER',
'HTTP_SERVER_VARS',
'HTTP_USER_AGENT',
'PATH_TRANSLATED',
'PHP_SELF',
'QUERY_STRING',
'REMOTE_ADDR',
'REMOTE_PORT',
'REQUEST_METHOD',
'REQUEST_URI',
'SCRIPT_FILENAME',
'SERVER_ADMIN',
'SERVER_NAME',
'SERVER_PORT',
'SERVER_PROTOCOL',
'SERVER_SIGNATURE',
'SERVER_SOFTWARE');
foreach ($varlist as $i)
print "$i = '".${$i}."'<br>\n";
?>
=============
If I now invoke http://www.foo.com/foo.php?HTTP_ACCEPT_CHARSET=blarg or
http://www.foo.com/foo.php?HTTP_REFERER=blarg, I get "blarg" for either
of those variables, rather than the value that should have been there
from Apache and/or PHP.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=16052&edit=1
