ID: 41093 User updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Scripting Engine problem Operating System: Irrelevant PHP Version: 5.2.1 New Comment:
This seems to fix it (as in the equivalent line for scalar values on 198): Index: php_variables.c =================================================================== RCS file: /repository/php-src/main/php_variables.c,v retrieving revision 1.104.2.10.2.7 diff -u -r1.104.2.10.2.7 php_variables.c --- php_variables.c 28 Mar 2007 09:14:08 -0000 1.104.2.10.2.7 +++ php_variables.c 15 Apr 2007 10:26:31 -0000 @@ -158,8 +158,7 @@ array_init(gpc_element); zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { - if (PG(magic_quotes_gpc) && (index != var)) { - /* no need to addslashes() the index if it's the main variable name */ + if (PG(magic_quotes_gpc)) { escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); } else { escaped_index = index; Previous Comments: ------------------------------------------------------------------------ [2007-04-15 10:04:19] [EMAIL PROTECTED] NB: I specified 5.2.1 to keep the bug tracker happy, but as you can see from the linked tests, this bug is present in every version I tested (>= 4.2.0). ------------------------------------------------------------------------ [2007-04-15 09:58:58] [EMAIL PROTECTED] Description: ------------ When magic_quotes_gpc is on, it ignores the keys of array values in $_GET etc, despite escaping keys of scalar values and all keys in contained arrays. For example, the query string ?a'b=1 yields $_GET[a\'b] = 1, but ?a'b[a'b]=1 yields $_GET[a'b][a\'b] = 1. http://www.rajeczy.com/compat_gpc_tests.txt Reproduce code: --------------- ?a'b[a'b]=1 Expected result: ---------------- $_GET[a\'b][a\'b] = 1 Actual result: -------------- $_GET[a'b][a\'b] = 1 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=41093&edit=1