Edit report at https://bugs.php.net/bug.php?id=38171&edit=1
ID: 38171
Updated by: ni...@php.net
Reported by: ksharpe at kharysharpe dot com
Summary: Validating $_SERVER tampering
-Status: Open
+Status: Wont fix
Type: Feature/Change Request
-Package: Feature/Change Request
+Package: *General Issues
Operating System: ALL
PHP Version: 5.1.4
Block user comment: N
Private report: N
New Comment:
This doesn't seem particularly useful to me and if you need it then it's simple
enough to implement in userland PHP: Just do a $backup = $_SERVER and compare
to that later. Marking as Wfx.
Previous Comments:
------------------------------------------------------------------------
[2006-07-21 01:20:00] ksharpe at kharysharpe dot com
Description:
------------
I would like to propose a solution that will allow to test whether $_SERVER (or
similar ) predefined variables have been changed since PHP initialized them.
string predefinedVarHash(string predefinedVar)
PHP at runtime, after variables have been initialized/loaded, would store the
serialized hash of the predefined variable that could be later retrieved by the
above function.
Reproduce code:
---------------
e.g.
<?php
$md5Hash = predefinedVarHash("SERVER");
if ($md5Hash !== md5(serialize($_SERVER)))
die('$_SERVER changed');
else
echo '$_SERVER has not been changed';
?>
Expected result:
----------------
This would allow us to validate the information stored in the variable, while
still allowing us to legitimately change the value of $_SERVER or other
predefind variables.
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=38171&edit=1
