From: grangeway at blueyonder dot co dot uk
Operating system: any
PHP version: 4.3.8
PHP Bug Type: Feature/Change Request
Bug description: phpinfo output inconsistent

Description:
------------
Bug #24024 discusses the fact that _SERVER["argv"] does not convert HTML entities, e.g. < to &lt;, as phpinfo() is a debugging tool, and is marked as bogus.

If this is the case, and content should not be escaped as phpinfo is for debugging, then:

_SERVER["QUERY_STRING"]</td><td class="v">test=<script>alert()</script></td></tr>

should not escape < to &lt; and should be consistent with the behaviour of _SERVER['argv'].

At the moment, _SERVER['argv'] and GET['test'] / _SERVER["QUERY_STRING"]</ etc show different representations of the same string, where in reality the value is the same.

Expected result:
----------------
Ideally all strings should be escaped. If not (i.e. if this would hinder debugging), then no strings should be escaped so that the output of any string in phpinfo matches the expected value given when running var_dump on the variable.

--
Edit bug report at http://bugs.php.net/?id=29570&edit=1
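
The "escape all strings" outcome requested above, sketched as an added example; this is not PHP's phpinfo() source and not code from the bug report. The helper names (`esc`, `flatten`, `renderRows`) and the request values are constructed for illustration. Every value, including each element of an array such as argv, passes through the same output-time escaping, and decoding a rendered cell gives back exactly the string var_dump would show.

```php
<?php
// Added example: a debug table that applies one escaping rule to every value.

/** Escape a string for an HTML table cell. */
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Flatten nested arrays into label => string pairs, e.g. _SERVER["argv"][0]. */
function flatten(string $name, $value): array
{
    if (!is_array($value)) {
        return [$name => (string) $value];
    }
    $rows = [];
    foreach ($value as $k => $v) {
        $rows += flatten($name . '[' . var_export($k, true) . ']', $v);
    }
    return $rows;
}

/** Render all variables as table rows; labels and values are both escaped. */
function renderRows(array $vars): string
{
    $html = '';
    foreach ($vars as $name => $value) {
        foreach (flatten($name, $value) as $label => $text) {
            $html .= '<tr><td class="e">' . esc($label) . '</td><td class="v">'
                   . esc($text) . "</td></tr>\n";
        }
    }
    return $html;
}

// Constructed sample request data: the same string reaches three variables.
$query = 'test=<script>alert()</script>';
$vars = [
    '_SERVER["QUERY_STRING"]' => $query,
    '_SERVER["argv"]'         => [$query],
    '_GET["test"]'            => '<script>alert()</script>',
];
$html = renderRows($vars);

// Consistency check: no raw markup from the input survives in any row, and
// each cell decodes back to the original value.
preg_match_all('~<td class="v">(.*?)</td>~', $html, $m);
$decoded = array_map(fn($c) => htmlspecialchars_decode($c, ENT_QUOTES), $m[1]);
if (strpos($html, '<script>') !== false || $decoded[0] !== $query || $decoded[1] !== $query) {
    throw new RuntimeException('inconsistent escaping');
}
echo $html;
```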