ID: 45566 User updated by: samuel at slbdata dot se Reported By: samuel at slbdata dot se Status: Open Bug Type: Strings related Operating System: Ubuntu 8.04.1 PHP Version: 6CVS-2008-07-19 (snap) New Comment:
I looked through the HTTP specification to see which $_SERVER values are US-ASCII encoded and which values are not. These values are always US-ASCII encoded and can be converted to unicode (section in HTTP spec. in parantesis): SERVER_PROTOCOL (section 3.1) HTTP_ACCEPT_ENCODING (section 14.3) HTTP_ACCEPT_CHARSET (section 14.2) HTTP_CONNECTION (section 14.10) URLs are encoded according to RFC 2396 and can't contain any non-ASCII characters. So HTTP_HOST, REQUEST_URI and QUERY_STRING are also safe. SERVER_PORT, REMOTE_PORT, HTTP_KEEP_ALIVE, GATEWAY_INTERFACE seem to be safe to convert too ;) The other HTTP values may contain ISO-8859-1 characters and characters from other encodings if they are RFC 2047 encoded (see TEXT in section 2.2). I guess the path values like PHP_SELF use should use the encoding in unicode.filesystem_encoding, but I don't really know how Unicode in PHP works so I could be wrong. Previous Comments: ------------------------------------------------------------------------ [2008-07-23 09:15:25] samuel at slbdata dot se <?php $str = 'Test'; var_dump($str); echo "<br />\n"; $rm = $_SERVER['REQUEST_METHOD']; var_dump($rm); echo "<br />\n"; $sp = $_SERVER['SERVER_PROTOCOL']; var_dump($sp); echo "<br />\n"; ?> That code gives me: unicode(4) "Test" string(3) "GET" string(8) "HTTP/1.1" So the problem is that $_SERVER variables are binary strings? The HTTP specification says that all request methods are US-ASCII encoded (RFC 2616 section 5.1.1) so at least REQUEST_METHOD should be safe to convert to unicode. >From the HTTP spec: CHAR = <any US-ASCII character (octets 0 - 127)> token = 1*<any CHAR except CTLs or separators> Method = "OPTIONS" ; Section 9.2 | "GET" ; Section 9.3 | "HEAD" ; Section 9.4 .... | extension-method extension-method = token ------------------------------------------------------------------------ [2008-07-22 22:33:30] [EMAIL PROTECTED] Try var_dump() on those variables. ------------------------------------------------------------------------ [2008-07-19 20:43:38] samuel at slbdata dot se Description: ------------ Comparing a string in the $_SERVER superglobal using the strict equality operator (===) always fails, even though both types are strings. $_GET and other variables work fine. I'm using the php.ini-recommended file, with no changes except for display_(startup_)errors which are enabled. My locale is sv_SE.UTF-8 (the LANG environment variable is set to this value) This used to work fine in php6.0-200804260630 Reproduce code: --------------- <?php $rm = $_SERVER['REQUEST_METHOD']; echo "Type is: ".gettype($rm)." <br />\n"; if (($rm !== 'GET') && ($rm == 'GET')) { echo "Bug! <br />\n"; } else { echo "Correct behaviour! <br />\n"; } $sp = $_SERVER['SERVER_PROTOCOL']; echo "Type is: ".gettype($sp)." <br />\n"; if (($sp !== 'HTTP/1.1') && ($sp == 'HTTP/1.1')) { echo "Bug! <br />\n"; } else { echo "Correct behaviour! <br />\n"; } Expected result: ---------------- Type is: string Correct behaviour! Type is: string Correct behaviour! Actual result: -------------- Type is: string Bug! Type is: string Bug! ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=45566&edit=1