ID: 16052 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Bogus Bug Type: Apache related Operating System: RH 7.2 PHP Version: 4.1.2 New Comment:
read the manual on "variables_order" Previous Comments: ------------------------------------------------------------------------ [2002-03-13 17:52:15] [EMAIL PROTECTED] It is possible to overwrite some predefined variables using GET URI variables (also, I would imagine, POST vars, but it's harder to test for those). Consider the following as foo.php: <? $varlist = array('DOCUMENT_ROOT', 'GATEWAY_INTERFACE', 'HTTP_ACCEPT', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING', 'HTTP_ACCEPT_LANGUAGE', 'HTTP_CONNECTION', 'HTTP_COOKIE_VARS', 'HTTP_ENV_VARS', 'HTTP_GET_VARS', 'HTTP_HOST', 'HTTP_POST_FILES', 'HTTP_POST_VARS', 'HTTP_REFERER', 'HTTP_SERVER_VARS', 'HTTP_USER_AGENT', 'PATH_TRANSLATED', 'PHP_SELF', 'QUERY_STRING', 'REMOTE_ADDR', 'REMOTE_PORT', 'REQUEST_METHOD', 'REQUEST_URI', 'SCRIPT_FILENAME', 'SERVER_ADMIN', 'SERVER_NAME', 'SERVER_PORT', 'SERVER_PROTOCOL', 'SERVER_SIGNATURE', 'SERVER_SOFTWARE'); foreach ($varlist as $i) print "$i = '".${$i}."'<br>\n"; ?> ============= If I now invoke http://www.foo.com/foo.php?HTTP_ACCEPT_CHARSET=blarg or http://www.foo.com/foo.php?HTTP_REFERER=blarg, I get "blarg" for either of those variables, rather than the value that should have been there from Apache and/or PHP. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=16052&edit=1