ID: 42774
Updated by: [EMAIL PROTECTED]
Reported By: johns582 at mail dot msu dot edu
-Status: Open
+Status: Feedback
Bug Type: Session related
Operating System: Debian 4.1.1; FreeBSD 4.8
PHP Version: 5.2.4
New Comment:
These variables you put in the function definition are super-globals.
That means a) they're global everywhere b) you don't need to pass them
around. I'd be surprised if this kind of code worked at all..
Please fix your code.
Previous Comments:
------------------------------------------------------------------------
[2007-09-30 12:13:40] johns582 at mail dot msu dot edu
Here is a version (12 lines) that doesn't have any of the commented out
code. But I'd still recommend looking at the original, as the commented
code was intended to save you time in reproducing some of the weirder
behavior I described above.
<?php
include_once("php/libraries/general_functions_new.php");
session_start();
$f_name = populate_rev ("f_name", $_GET, $_POST, $_SESSION);
$l_name = populate_rev ("l_name", $_GET, $_POST, $_SESSION);
$_SESSION['f_name'] = $f_name;
$_SESSION['l_name'] = $l_name;
echo "<br>Contents of global _SESSION array: ";
var_export($_SESSION);
echo "<br>Done writing session vars. Check session file or db to
confirm.";
?>
------------------------------------------------------------------------
[2007-09-30 06:28:21] [EMAIL PROTECTED]
And that's the shortest possible script you can reproduce it with?
(I'm pretty sure you can do better.. :)
------------------------------------------------------------------------
[2007-09-29 15:17:50] johns582 at mail dot msu dot edu
Sure - Here is the form from which the script can be invoked:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Test Sessions</title>
</head>
<body>
<form action="/php/test_session.php" method="post">
<input type="text" value="" name="f_name"><br>
<input type="text" value="" name="l_name">
<input type="submit" value="test session">
</form>
</body>
</html>
And here is the script itself (it is currently set up to use a
file-based session handler). There is some commented-out code in here
that should make it easy to see how seemingly irrelevant adjustments to
how the var is initially set will influence whether it gets set in the
session file (or db row):
<?php
//include functions library
include_once("php/libraries/general_functions_new.php");
session_start();
//if the var assignments are made directly from the _POST array,
//then the session vars are successfully set
//$f_name = $_POST['f_name'];
//$l_name = $_POST['l_name'];
//but setting the vars with a call to populate_rev, the subsequently
//assigning them to $_SESSION results in a successful assignment to
//$_SESSION, but no storage in the session file or db.
$f_name = populate_rev ("f_name", $_GET, $_POST, $_SESSION);
$l_name = populate_rev ("l_name", $_GET, $_POST, $_SESSION);
//If code contained in populate_rev is brought into the main
//body of this script, then the session vars are successfully set
/*
if (isset($_GET["f_name"])) {
$f_name = $_GET["f_name"];
}
elseif (isset($_POST["f_name"])) {
$f_name = $_POST["f_name"];
}
else {
if (isset($_SESSION["f_name"])) {
$f_name = $_SESSION["f_name"];
}
else {
$f_name = '';
}
}
if (isset($_GET["l_name"])) {
$l_name = $_GET["l_name"];
}
elseif (isset($_POST["l_name"])) {
$l_name = $_POST["l_name"];
}
else {
if (isset($_SESSION["l_name"])) {
$l_name = $_SESSION["l_name"];
}
else {
$l_name = '';
}
}
*/
//register vars in the session
$_SESSION['f_name'] = $f_name;
$_SESSION['l_name'] = $l_name;
echo "<br>Contents of global _SESSION array: ";
var_export($_SESSION);
echo "<br>Done writing session vars. Check session file or db to
confirm.";
?>
And here is the function library, general_functions_new.php:
<?php
function populate_rev ($array_index, $_GET, $_POST, $_SESSION) {
if (isset($_GET["$array_index"])) {
$var = $_GET["$array_index"];
}
elseif (isset($_POST["$array_index"])) {
$var = $_POST["$array_index"];
}
elseif (isset($_SESSION["$array_index"])) {
$var = $_SESSION["$array_index"];
}
else {
$var = '';
}
return $var;
}
?>
------------------------------------------------------------------------
[2007-09-29 03:02:16] [EMAIL PROTECTED]
Can you please provide a short but complete reproduce script?
------------------------------------------------------------------------
[2007-09-27 13:02:22] johns582 at mail dot msu dot edu
No, register globals is off. Added note: this code worked in versions
of PHP <= 5.0.5
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/42774
--
Edit this bug report at http://bugs.php.net/?id=42774&edit=1
