Hi there. This must be a curious question, but I want to know...
Recently I've checked several globals, how it is overwritten. the globals are $PHP_SELF and $PHP_AUTH_USER. the first time, $PHP_AUTH_USER. This is overwritten by the http GET values when such a following uri. (and Post will be so.) http://foo.bar.com/test.php3?PHP_AUTH_USER=CRACK This case is tested under PHP Version 3.0.18-i18n-ja-2. but is not overwritten under PHP Version 4.0.3pl1 the second, $PHP_SELF. This is not overwritten by the http GET values when such a following uri. http://foo.bar.com/test.php3?PHP_SELF=CRACK.php This is true both under PHP Version 4.0.3pl1 and PHP Version 3.0.18-i18n-ja-2 the difference is probably that PHP_AUTH_USER is value from http request originally (="Authorization" header), but PHP_SELF is server side, I think. though, such above behavior with each global is the intended spec of PHP? Or Simply by the order of the evaluation in internal for these values? I tested with my test servers. my test server configuration, php.ini is defined with each PHP3: register_globals (none. not defined.) PHP4: register_globals = on I've cheked with phpinfo() also. Any opinion will be appreciated. Thanks. ----------------------- K.Tomono -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php