Edit report at https://bugs.php.net/bug.php?id=62943&edit=1
ID: 62943
User updated by: esko dot saajanto at code4m dot com
Reported by: esko dot saajanto at code4m dot com
Summary: ?& in header causes parameter problem
-Status: Open
+Status: Closed
Type: Bug
Package: Scripting Engine problem
Operating System: Debian
PHP Version: 5.3.3-7+squeeze8
Block user comment: N
Private report: N
New Comment:
Hi
Sorry for my mistake! Almost 10 years with php and and still there are days
when even the most simpliest piece of code can be misinterpeted (by 3 people)in
way that causes a false bug report like this. Thank you for the exellent
product.
Previous Comments:
------------------------------------------------------------------------
[2012-08-27 14:44:56] anon at anon dot anon
@esko: We can't access that page because it's a private IP. Can you cause this
bug with a simple test script like this:
<?php
header('Content-Type: text/plain');
print_r($GLOBALS);
?>
If not, simplify the buggy code until the bug disappears. Then you'll know
what's triggering it.
------------------------------------------------------------------------
[2012-08-27 07:53:32] esko dot saajanto at code4m dot com
Tested without suhosin with same results.
http://192.168.1.29/resultcode.fi/sarjat/rcea/rcea_tuomaritoiminta_sarjakausi_palkkiot.php?&piiri_id=100013
is the header and system is working fine exept I do get variables available
that are not defined in this module or it's includes.
This is confirmed by two other programmers who took a carefull look of the
code. F.ex. I have a variable $sarjakausi_id that is used in perevious pages
and it comes available to this page even when 'piiri_id' is the only variable
passed. So somehow this is related to the ampersand mark after the first
question mark in parameter list. When '&' is left out the 'sarjakausi_id'
variable is no longer available.
------------------------------------------------------------------------
[2012-08-27 07:36:39] ras...@php.net
Looking at the code I don't see how that is in any way possible. You are sure
this isn't some session-related thing? Can you reproduce it with a simple
script?
How about if you disable Suhosin, does it still happen?
------------------------------------------------------------------------
[2012-08-27 07:32:39] ahar...@php.net
Ah, I see. That does sound very weird.
I can't reproduce your described effects on PHP 5.4.6. I think we'll need a
self-contained reproduction case that works on a stock 5.3.16 or 5.4.6 to have
any hope here.
------------------------------------------------------------------------
[2012-08-27 07:07:36] esko dot saajanto at code4m dot com
Hi.
I'm not sure if I could make my case understandable. So the problem is not that
I miss some parameter(s) in header but rather so that I get variables without
$_GET and $_POST that I shouldn't get according the header sent. This is OK
because the register globals is on - BUT -
If the first character in the header after '?' is '&' so it brings me all the
variables used in the previus pages even if I'd have only two parameters in my
header. That shouldn't be the case?
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=62943
--
Edit this bug report at https://bugs.php.net/bug.php?id=62943&edit=1
