ID: 41093
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Scripting Engine problem
Operating System: Irrelevant
PHP Version: 5.2.1
New Comment:
This seems to fix it (as in the equivalent line for scalar values on
198):
Index: php_variables.c
===================================================================
RCS file: /repository/php-src/main/php_variables.c,v
retrieving revision 1.104.2.10.2.7
diff -u -r1.104.2.10.2.7 php_variables.c
--- php_variables.c 28 Mar 2007 09:14:08 -0000 1.104.2.10.2.7
+++ php_variables.c 15 Apr 2007 10:26:31 -0000
@@ -158,8 +158,7 @@
array_init(gpc_element);
zend_hash_next_index_insert(symtable1,
&gpc_element, sizeof(zval
*), (void **) &gpc_element_p);
} else {
- if (PG(magic_quotes_gpc) && (index != var)) {
- /* no need to addslashes() the index if
it's the main variable
name */
+ if (PG(magic_quotes_gpc)) {
escaped_index = php_addslashes(index,
index_len, &index_len, 0
TSRMLS_CC);
} else {
escaped_index = index;
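Review bot: Dropping the `(index != var)` test in the `else` branch means `php_addslashes()` now also produces a separate `escaped_index` for the main variable name. Whatever later frees `escaped_index` is outside this hunk and needs checking: it must key on `PG(magic_quotes_gpc)` alone, because a cleanup still guarded by `index != var` would leak that string. The removed comment claimed escaping was unnecessary for the main variable name, so the change should say why that no longer holds. It should also come with a regression test for `?a'b[a'b]=1` expecting `$_GET[a\'b][a\'b]`, and one confirming the name is not escaped a second time on the scalar path.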
Previous Comments:
------------------------------------------------------------------------
[2007-04-15 10:04:19] [EMAIL PROTECTED]
NB: I specified 5.2.1 to keep the bug tracker happy, but as you can see
from the linked tests, this bug is present in every version I tested (>=
4.2.0).
------------------------------------------------------------------------
[2007-04-15 09:58:58] [EMAIL PROTECTED]
Description:
------------
When magic_quotes_gpc is on, it ignores the keys of array values in
$_GET etc, despite escaping keys of scalar values and all keys in
contained arrays. For example, the query string ?a'b=1 yields
$_GET[a\'b] = 1, but ?a'b[a'b]=1 yields $_GET[a'b][a\'b] = 1.
http://www.rajeczy.com/compat_gpc_tests.txt
Reproduce code:
---------------
?a'b[a'b]=1
Expected result:
----------------
$_GET[a\'b][a\'b] = 1
Actual result:
--------------
$_GET[a'b][a\'b] = 1
------------------------------------------------------------------------