ID: 48379 User updated by: anchoa at cardumen dot info Reported By: anchoa at cardumen dot info -Status: Feedback +Status: Open Bug Type: Variables related Operating System: linux PHP Version: 5.2.9 New Comment:
When the leak happens, register_globals is on When I turn register_globals off, the leak does not happen. register_globals is now "on" at the test site Previous Comments: ------------------------------------------------------------------------ [2009-05-25 08:05:09] [email protected] And register_globals is off..? ------------------------------------------------------------------------ [2009-05-25 03:37:44] anchoa at cardumen dot info Description: ------------ Variables that have the same name as an associative POST or SESSION variable are assigned their values, For example, if $_SESSION['v1'] == "abcd", $v1 is assigned "abcd" instead of being left undefined. Reproduce code: --------------- See: http://testing.cardumen.com/session-bug.php Expected result: ---------------- The right behavior is for the four variables v1, v2, v3, and v4 to remain undefined. Actual result: -------------- Enter some data in text fields v1, v2, v3, and v4 Variables $v1, $v2, $v3, and $v4 will be assigned the values leaked from $_SESSION['v1'], $_SESSION['v2'], $_SESSION['v3'], and $_SESSION['v4'], If you comment out session_start(); and or $_SESSION = $_POST; the values will be leaked from $_POST. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=48379&edit=1
