#51120 [NEW]: If session var is NULL, value will be overwritten by global with same name
From: antonio04 at gmail dot com
Operating system: FreeBSD 7.2
PHP version: 5.3.1
PHP Bug Type: Session related
Bug description: If session var is NULL, value will be overwritten by global
with same name
Description:
When you have a session variable whose whose session array key is
defined but with a NULL value, this variable acts as if register_globals
were enabled, i.e. any value set to a global variable of the same name
is stored in the session as this key's value.
Once the session variable's value has been changed to something not
null, this behavior ceases.
A cursory search in the archives shows that this issue was categorized
as a bogus bug report six years ago (#28482), but the reason given does
not make sense, as the session variable key certainly does exist and
acts unexpectedly when initialized to NULL.
Thanks!
Reproduce code:
---
?php
/* Script 1 */
session_start();
init_set('register_globals', 0);
$_SESSION['foo'] = NULL;
$foo = 'bar';
?
?php
/* Script 2 */
session_start();
var_dump($_SESSION['foo']);
?
Expected result:
Script 1:
Script 2:
Notice: Undefined index: foo in /home/www/interpals/test.php on line 3
NULL
Actual result:
--
Script 1:
Script 2:
string(3) bar
--
Edit bug report at http://bugs.php.net/?id=51120edit=1
--
Try a snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=51120r=trysnapshot52
Try a snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=51120r=trysnapshot53
Try a snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=51120r=trysnapshot60
Fixed in SVN:
http://bugs.php.net/fix.php?id=51120r=fixed
Fixed in SVN and need be documented:
http://bugs.php.net/fix.php?id=51120r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=51120r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=51120r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=51120r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=51120r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=51120r=support
Expected behavior:
http://bugs.php.net/fix.php?id=51120r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=51120r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=51120r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=51120r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=51120r=php4
Daylight Savings:http://bugs.php.net/fix.php?id=51120r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=51120r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=51120r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=51120r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=51120r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=51120r=mysqlcfg
#51120 [Com]: If session var is NULL, value will be overwritten by global with same name
ID: 51120
Comment by: antonio04 at gmail dot com
Reported By: antonio04 at gmail dot com
Status: Open
Bug Type: Session related
Operating System: FreeBSD 7.2
PHP Version: 5.3.1
New Comment:
Sorry, there was a typo in the reproduce code -- please check this
instead:
?php
/* Script one */
ini_set('register_globals', 0);
session_start();
$_SESSION['foo'] = NULL;
$foo = 'bar';
?
Then view the second script:
?php
/* Script two */
session_start();
var_dump($_SESSION['foo']);
?
Previous Comments:
[2010-02-23 08:30:05] antonio04 at gmail dot com
Description:
When you have a session variable whose whose session array key is
defined but with a NULL value, this variable acts as if
register_globals
were enabled, i.e. any value set to a global variable of the same name
is stored in the session as this key's value.
Once the session variable's value has been changed to something not
null, this behavior ceases.
A cursory search in the archives shows that this issue was categorized
as a bogus bug report six years ago (#28482), but the reason given does
not make sense, as the session variable key certainly does exist and
acts unexpectedly when initialized to NULL.
Thanks!
Reproduce code:
---
?php
/* Script 1 */
session_start();
init_set('register_globals', 0);
$_SESSION['foo'] = NULL;
$foo = 'bar';
?
?php
/* Script 2 */
session_start();
var_dump($_SESSION['foo']);
?
Expected result:
Script 1:
Script 2:
Notice: Undefined index: foo in /home/www/interpals/test.php on line 3
NULL
Actual result:
--
Script 1:
Script 2:
string(3) bar
--
Edit this bug report at http://bugs.php.net/?id=51120edit=1
#51120 [Com]: If session var is NULL, value will be overwritten by global with same name
ID: 51120
Comment by: antonio04 at gmail dot com
Reported By: antonio04 at gmail dot com
Status: Open
Bug Type: Session related
Operating System: FreeBSD 7.2
PHP Version: 5.3.1
New Comment:
Here are the expected/actual results:
Expected result:
Script 1:
Script 2:
NULL
Actual result:
--
Script 1:
Script 2:
string(3) bar
Previous Comments:
[2010-02-23 08:42:13] antonio04 at gmail dot com
Sorry, there was a typo in the reproduce code -- please check this
instead:
?php
/* Script one */
ini_set('register_globals', 0);
session_start();
$_SESSION['foo'] = NULL;
$foo = 'bar';
?
Then view the second script:
?php
/* Script two */
session_start();
var_dump($_SESSION['foo']);
?
[2010-02-23 08:30:05] antonio04 at gmail dot com
Description:
When you have a session variable whose whose session array key is
defined but with a NULL value, this variable acts as if
register_globals
were enabled, i.e. any value set to a global variable of the same name
is stored in the session as this key's value.
Once the session variable's value has been changed to something not
null, this behavior ceases.
A cursory search in the archives shows that this issue was categorized
as a bogus bug report six years ago (#28482), but the reason given does
not make sense, as the session variable key certainly does exist and
acts unexpectedly when initialized to NULL.
Thanks!
Reproduce code:
---
?php
/* Script 1 */
session_start();
init_set('register_globals', 0);
$_SESSION['foo'] = NULL;
$foo = 'bar';
?
?php
/* Script 2 */
session_start();
var_dump($_SESSION['foo']);
?
Expected result:
Script 1:
Script 2:
Notice: Undefined index: foo in /home/www/interpals/test.php on line 3
NULL
Actual result:
--
Script 1:
Script 2:
string(3) bar
--
Edit this bug report at http://bugs.php.net/?id=51120edit=1
#51120 [Bgs]: If session var is NULL, value will be overwritten by global with same name
ID: 51120
User updated by: antonio04 at gmail dot com
Reported By: antonio04 at gmail dot com
Status: Bogus
Bug Type: Session related
Operating System: FreeBSD 7.2
PHP Version: 5.3.1
New Comment:
Thanks for your quick response.
Sorry, I should have mentioned that register_globals is off in php.ini.
I included the ini_set line to illustrate that point, but I suppose
that's moot, since you can't set it via ini_set =)
However, the problem is still there... can you please try to reproduce
it?
Previous Comments:
[2010-02-23 12:55:53] j...@php.net
For starters, you can't set register_globals in script. Hence there's
no bug but expected (bad) behaviour on having register_globals = On.
Switch it off and all is well. :)
[2010-02-23 10:33:50] antonio04 at gmail dot com
Here are the expected/actual results:
Expected result:
Script 1:
Script 2:
NULL
Actual result:
--
Script 1:
Script 2:
string(3) bar
[2010-02-23 08:42:13] antonio04 at gmail dot com
Sorry, there was a typo in the reproduce code -- please check this
instead:
?php
/* Script one */
ini_set('register_globals', 0);
session_start();
$_SESSION['foo'] = NULL;
$foo = 'bar';
?
Then view the second script:
?php
/* Script two */
session_start();
var_dump($_SESSION['foo']);
?
[2010-02-23 08:30:05] antonio04 at gmail dot com
Description:
When you have a session variable whose whose session array key is
defined but with a NULL value, this variable acts as if
register_globals
were enabled, i.e. any value set to a global variable of the same name
is stored in the session as this key's value.
Once the session variable's value has been changed to something not
null, this behavior ceases.
A cursory search in the archives shows that this issue was categorized
as a bogus bug report six years ago (#28482), but the reason given does
not make sense, as the session variable key certainly does exist and
acts unexpectedly when initialized to NULL.
Thanks!
Reproduce code:
---
?php
/* Script 1 */
session_start();
init_set('register_globals', 0);
$_SESSION['foo'] = NULL;
$foo = 'bar';
?
?php
/* Script 2 */
session_start();
var_dump($_SESSION['foo']);
?
Expected result:
Script 1:
Script 2:
Notice: Undefined index: foo in /home/www/interpals/test.php on line 3
NULL
Actual result:
--
Script 1:
Script 2:
string(3) bar
--
Edit this bug report at http://bugs.php.net/?id=51120edit=1
#51120 [Bgs]: If session var is NULL, value will be overwritten by global with same name
ID: 51120
User updated by: antonio04 at gmail dot com
Reported By: antonio04 at gmail dot com
Status: Bogus
Bug Type: Session related
Operating System: FreeBSD 7.2
PHP Version: 5.3.1
New Comment:
Just to confirm, register_globals is definitely off -- both as reported
by phpinfo() as well as the following snippet:
?php
echo 'register_globals = ' . ini_get('register_globals') . \n;
?
Which displays the following:
register_globals =
Previous Comments:
[2010-02-23 13:07:21] antonio04 at gmail dot com
Thanks for your quick response.
Sorry, I should have mentioned that register_globals is off in php.ini.
I included the ini_set line to illustrate that point, but I suppose
that's moot, since you can't set it via ini_set =)
However, the problem is still there... can you please try to reproduce
it?
[2010-02-23 12:55:53] j...@php.net
For starters, you can't set register_globals in script. Hence there's
no bug but expected (bad) behaviour on having register_globals = On.
Switch it off and all is well. :)
[2010-02-23 10:33:50] antonio04 at gmail dot com
Here are the expected/actual results:
Expected result:
Script 1:
Script 2:
NULL
Actual result:
--
Script 1:
Script 2:
string(3) bar
[2010-02-23 08:42:13] antonio04 at gmail dot com
Sorry, there was a typo in the reproduce code -- please check this
instead:
?php
/* Script one */
ini_set('register_globals', 0);
session_start();
$_SESSION['foo'] = NULL;
$foo = 'bar';
?
Then view the second script:
?php
/* Script two */
session_start();
var_dump($_SESSION['foo']);
?
[2010-02-23 08:30:05] antonio04 at gmail dot com
Description:
When you have a session variable whose whose session array key is
defined but with a NULL value, this variable acts as if
register_globals
were enabled, i.e. any value set to a global variable of the same name
is stored in the session as this key's value.
Once the session variable's value has been changed to something not
null, this behavior ceases.
A cursory search in the archives shows that this issue was categorized
as a bogus bug report six years ago (#28482), but the reason given does
not make sense, as the session variable key certainly does exist and
acts unexpectedly when initialized to NULL.
Thanks!
Reproduce code:
---
?php
/* Script 1 */
session_start();
init_set('register_globals', 0);
$_SESSION['foo'] = NULL;
$foo = 'bar';
?
?php
/* Script 2 */
session_start();
var_dump($_SESSION['foo']);
?
Expected result:
Script 1:
Script 2:
Notice: Undefined index: foo in /home/www/interpals/test.php on line 3
NULL
Actual result:
--
Script 1:
Script 2:
string(3) bar
--
Edit this bug report at http://bugs.php.net/?id=51120edit=1
#51120 [Bgs]: If session var is NULL, value will be overwritten by global with same name
ID: 51120
User updated by: antonio04 at gmail dot com
Reported By: antonio04 at gmail dot com
Status: Bogus
Bug Type: Session related
Operating System: FreeBSD 7.2
PHP Version: 5.3.1
New Comment:
On further research, this seems due to the session.bug_compat_42
bug/feature. Turning this setting off in php.ini has resolved the
issue. Thanks.
Previous Comments:
[2010-02-23 13:13:24] antonio04 at gmail dot com
Just to confirm, register_globals is definitely off -- both as reported
by phpinfo() as well as the following snippet:
?php
echo 'register_globals = ' . ini_get('register_globals') . \n;
?
Which displays the following:
register_globals =
[2010-02-23 13:07:21] antonio04 at gmail dot com
Thanks for your quick response.
Sorry, I should have mentioned that register_globals is off in php.ini.
I included the ini_set line to illustrate that point, but I suppose
that's moot, since you can't set it via ini_set =)
However, the problem is still there... can you please try to reproduce
it?
[2010-02-23 12:55:53] j...@php.net
For starters, you can't set register_globals in script. Hence there's
no bug but expected (bad) behaviour on having register_globals = On.
Switch it off and all is well. :)
[2010-02-23 10:33:50] antonio04 at gmail dot com
Here are the expected/actual results:
Expected result:
Script 1:
Script 2:
NULL
Actual result:
--
Script 1:
Script 2:
string(3) bar
[2010-02-23 08:42:13] antonio04 at gmail dot com
Sorry, there was a typo in the reproduce code -- please check this
instead:
?php
/* Script one */
ini_set('register_globals', 0);
session_start();
$_SESSION['foo'] = NULL;
$foo = 'bar';
?
Then view the second script:
?php
/* Script two */
session_start();
var_dump($_SESSION['foo']);
?
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/51120
--
Edit this bug report at http://bugs.php.net/?id=51120edit=1
