#20796 [NEW]: Overridden Get, Post and Cookie data with register_globals turned on

pages Tue, 03 Dec 2002 10:26:18 -0800

From:             [EMAIL PROTECTED]
Operating system: Red Hat 8.0
PHP version:      4.2.2
PHP Bug Type:     Variables related
Bug description:  Overridden Get, Post and Cookie data with register_globals turned on


With register_globals turned on, if 3 variables WITH THE
SAME NAME are defined in your script (one as a Get
variable, one as a Post variable and one as a Cookie
variable) and if this name is an ARRAY ELEMENT (let's
say foo[ab]), then $_GET["foo"]["ab"] and
$_POST["foo"]["ab"] will both be set to $_COOKIE["foo"]["ab"].

Let's try it.

First, write the script "print_gpc.php" :

<?php
echo '$_GET';
echo "<PRE>";
print_r($_GET);
echo "</PRE>";

echo '$_POST';
echo "<PRE>";
print_r($_POST);
echo "</PRE>";

echo '$_COOKIE';
echo "<PRE>";
print_r($_COOKIE);
echo "</PRE>";
?>

Then call the form below ("test.php") in your browser :

<?php setcookie("foo[ab]","I_am_a_cookie"); ?>
<FORM METHOD="POST" ACTION="print_gpc.php?foo[ab]=I_am_a_get_value">
<INPUT TYPE="submit" NAME="foo[ab]" VALUE="OK">
</FORM>

and clic on the OK button.

If you have register_globals turned off, you will see
what you expect :

$_GET

Array
(
    [foo] => Array
        (
            [ab] => I_am_a_get_value
        )

)

$_POST

Array
(
    [foo] => Array
        (
            [ab] => OK
        )

)

$_COOKIE

Array
(
    [foo] => Array
        (
            [ab] => I_am_a_cookie
        )

)

but if you have register_globals turned on,
you will have $_GET["foo"]["ab"] == "I_am_a_cookie"
and $_POST["foo"]["ab"] == "I_am_a_cookie".

Strangly, this problem does not occur if the cookie name
is NOT an array element EVEN if register_globals is
turned On. (Try to replace "foo[ab]" by "foo" in the
"test.php" form.)


-- 
Edit bug report at http://bugs.php.net/?id=20796&edit=1
-- 
Try a CVS snapshot:         http://bugs.php.net/fix.php?id=20796&r=trysnapshot
Fixed in CVS:               http://bugs.php.net/fix.php?id=20796&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=20796&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=20796&r=needtrace
Try newer version:          http://bugs.php.net/fix.php?id=20796&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=20796&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=20796&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=20796&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=20796&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=20796&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=20796&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=20796&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=20796&r=isapi

#20796 [NEW]: Overridden Get, Post and Cookie data with register_globals turned on

Reply via email to