From: wxjasp02 at smumn dot edu Operating system: RedHat Linux 9.0 PHP version: Irrelevant PHP Bug Type: Session related Bug description: variables in a function or script alter session variables
Description: ------------ Whenever i use a variable declared $group or $username in a function or part of a script, and $_SESSION['group'] or $_SESSION['username'] are in a valid session, the $group or $username variables ALTER the respective $_SESSION variable by the time the script ends. This should NEVER occur. Reproduce code: --------------- http://www.mytoast.net/phpbug.html Expected result: ---------------- It should complete all the if () statements safely, and execute them as if I were of the correct group type. Actual result: -------------- Basically, a $_SESSION['group'] is written to a session when a user logs in to my site. The form above, allows administrators of my site to alter user permissions and whatnot, but it seems if $group is a variable in the script, (and set), the $_SESSION['group'] gets altered to whatever that value is, and the real administrator loses all their admin privileges until they login again. This is extremely annoying. I found a workaround for the time being, but i don't like making more code than i have to... -- Edit bug report at http://bugs.php.net/?id=27471&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=27471&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=27471&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=27471&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=27471&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=27471&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=27471&r=needscript Try newer version: http://bugs.php.net/fix.php?id=27471&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=27471&r=support Expected behavior: http://bugs.php.net/fix.php?id=27471&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=27471&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=27471&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=27471&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=27471&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=27471&r=dst IIS Stability: http://bugs.php.net/fix.php?id=27471&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=27471&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=27471&r=float