Edit report at https://bugs.php.net/bug.php?id=44754&edit=1
ID: 44754 Comment by: rpavlicek at intacct dot com Reported by: famzah at icdsoft dot com Summary: Calling a bad eval() and then include(), resets $_REQUEST Status: Not a bug Type: Bug Package: Scripting Engine problem Operating System: Linux PHP Version: 5.2.5 Block user comment: N Private report: N New Comment: We're not "supposed" to do alot of things in programming (php or otherwise), but people do. We depend on consistent behavior. If setting super globals works in general, then suddenly breaks when a bad eval() takes place...how is that helpful? If its really not supposed to be done, shouldn't PHP throw a fatal error as soon as you try? Or are we supposed to accept "undefined behavior" when we assign superglobals? Previous Comments: ------------------------------------------------------------------------ [2008-07-21 20:39:40] j...@php.net You're not supposed to modify any super-globals. ------------------------------------------------------------------------ [2008-04-17 10:49:36] famzah at icdsoft dot com Description: ------------ If you modify an element of $_REQUEST, then call eval() with some syntax error, and then include() or require() another file, the changes in $_REQUEST are reset to the original values of $_REQUEST at script's startup time. The changes in $_REQUEST are permanently lost and the include()'d file as well as the main PHP file then operate with the reset $_REQUEST values. Reproduce code: --------------- * Proof of concept: PHP 5.2.5 (bug): http://famzah.net/evalbug/index.php?test=abcdef PHP 4.4.8 (no bug): http://famzah.net/evalbug/index.php4?test=abcdef * Source code: PHP 5.2.5 (bug): http://famzah.net/evalbug/index.txt PHP 4.4.8 (no bug): http://famzah.net/evalbug/index4.txt Expected result: ---------------- The expected behavior is that after the modification of an element in $_REQUEST, all included files as well as the main PHP file must operate with the modified values of $_REQUEST, because this is a super-global variable. The above is currently true for all cases except when an eval() call is made which contains a syntax error. For example: eval('this is a syntax error'); I reproduced the bug using the following PHP versions: PHP 5.2.5 (cli), Zend Engine v2.2.0 PHP 5.2.5-3 with Suhosin-Patch 0.9.6.2 (cli), Zend Engine v2.2.0 The following PHP4 version does NOT have the bug: PHP 4.4.8 (cli), Zend Engine v1.3.0 Actual result: -------------- The bug situation is as follows: - We call "index.php" with a GET parameter ?test=abcdef - The script does and outputs the following: index.php: $_REQUEST value is: abcdef index.php: Modifying $_REQUEST by setting key 'test' to 'zzz' index.php: $_REQUEST value is: zzz index.php: Calling eval() with no syntax error. index.php: Including the 'dump.php' file... dump.php: $_REQUEST value is: zzz index.php: $_REQUEST value is: zzz index.php: Calling eval() with a syntax error. index.php: $_REQUEST value is: zzz index.php: Including the 'dump.php' file... dump.php: $_REQUEST value is: abcdef index.php: $_REQUEST value is: abcdef The last two lines must contain the value 'zzz', not 'abcdef'. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=44754&edit=1