ID: 42774
Updated by: [EMAIL PROTECTED]
Reported By: johns582 at mail dot msu dot edu
-Status: Open
+Status: Feedback
Bug Type: Session related
Operating System: Debian 4.1.1; FreeBSD 4.8
PHP Version: 5.2.4
New Comment:
Can you please provide a short but complete reproduce script?
Previous Comments:
------------------------------------------------------------------------
[2007-09-27 13:02:22] johns582 at mail dot msu dot edu
No, register globals is off. Added note: this code worked in versions
of PHP <= 5.0.5
------------------------------------------------------------------------
[2007-09-27 09:46:05] [EMAIL PROTECTED]
Is register_globals=On ?
------------------------------------------------------------------------
[2007-09-27 04:10:26] johns582 at mail dot msu dot edu
Description:
------------
We use a function (see below) to populate variables based on whether
there is a key present in the $_GET, $_POST, or $_SESSION arrays. After
this function is called and the result assigned to a variable, we save
the variable in a session with:
$_SESSION['var'] = $var;
The result of this statement is that the variable $var is successful
stored in $_SESSION but is not saved to the session file, which is what
we expect. We can correct the problem by taking the logic in the
function below out of the function and placing it into the body of the
main script. We've also noticed that even when the function is called by
the main script, but not used to assign a value to a variable we intend
to store in a session, this is enough to "break" the session in the
manner described above (e.g.,
//DOESN'T WORK TO MAKE $f_name and $l_name appear in the session file
//even though we aren't actually storing the value of $f_name_p or
//$l_name_p in the session. But works if lines 3 and 4 are removed.
$f_name = $_POST['f_name'];
$l_name = $_POST['l_name'];
$f_name_p = populate_rev ("f_name", $_GET, $_POST, $_SESSION);
$l_name_p = populate_rev ("l_name", $_GET, $_POST, $_SESSION);
$_SESSION['f_name'] = $f_name;
$_SESSION['l_name'] = $l_name;
One last point: This problem occurs with both the default "files"
session handler and a custom db-backed handler. Using the db-backed
handler, we can confirm that the overloaded "write" function received a
session key, but no data.
Reproduce code:
---------------
function populate_rev ($array_index, $_GET, $_POST, $_SESSION) {
if (isset($_GET["$array_index"])) {
$var = $_GET["$array_index"];
}
elseif (isset($_POST["$array_index"])) {
$var = $_POST["$array_index"];
}
elseif (isset($_SESSION["$array_index"])) {
$var = $_SESSION["$array_index"];
}
else {
$var = '';
}
return $var;
}
Expected result:
----------------
Expected to see the string f_name|s:7:"Heather";l_name|s:7:"Johnson";
present in the session file or in the database (depending on which
handler was currently being used), for example, following assignment of
$f_name and $l_name to the corresponding key in $_SESSION and
termination of the script.
Actual result:
--------------
Even though the $_SESSION array contains the expected key/value pairs,
the session file or database row (in the case of our custom handler)
doesn't contain them. No data is passed to the session write function in
the case of the custom handler. Moving the function's logic into the
main body of the script, or abandoning the function in favor of straight
assignment from the $_POST vars array is the only way to produce the
expected result. (e.g.,
$f_name = $_POST['f_name'];
$l_name = $_POST['l_name'];
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=42774&edit=1
