#30523 [Opn]: _GET bug with null last var persists
ID: 30523 User updated by: support at ruishi dot info Reported By: support at ruishi dot info Status: Open Bug Type: URL related Operating System: Linux SUSE PHP Version: 4.3.9 New Comment: It turned out to be a bug of suphp... After upgrading it to suphp-0.5.2, the problem is solved. Btw, I am running Apache2. No idea if it works for Apache1, however no wonder if it does. This bug can be closed now. I suggest doing so, thanks. Previous Comments: [2004-10-28 22:28:02] support at ruishi dot info Hello, some investigation reveals that the hosting company has its reasons to run it using the CGI API, mainly because of the security related to multi hosting users. If PHP is run using the Apache API, then every hosting user can view other users' file (e.g. config files containing passwords). This problem seems to have existed for extremely long time (several years), hope it wouldn't stay there forever... No guru could get rid of it? Is there any way around? See, one normally has to host his files on an ISP's machine, but PHP is usually installed using the CGI API because of the security reason mentioned above. If $_GET does not work (probably other $_VARs as well), then most php scripts would be broken. How could the Web site survive? Has anyone collected information about which OSes are free from this bug? SUSE seems to be problematic, how about debian and else? [2004-10-22 11:10:36] support at ruishi dot info in the output of phpinfo(), there does exist a line Server API: CGI. I will check with our sysadmin to see if we can solve it by making it an Apache2 module. Stay tuned please. More comments and suggestions are welcome. [2004-10-22 00:57:24] scottm at spamcop dot net We've had customers with a similar issue but never found out the cause of it, we had null session paramaters in the query string if they were using cookies but for some reason or another some hosts just didn't work. We were never able to find out what caused this in the first place. I've just searched through a few of the previous support tickets and they varied from PHP 4.3.1 to PHP 4.3.4. They all ran PHP as a CGI though. Do you run PHP as a CGI? [2004-10-21 23:55:32] support at ruishi dot info A typo in the submission (in the section of Expected Result): -- For Link 2, the correct result should be: Array ( [tid] = 123 [a] = 1 [b] = 2 [c] = 3 ) -- should be: Array ( [tid] = 123 [a] = 1 [b] = 2 [c] = NULL or ''?) [2004-10-21 23:19:42] support at ruishi dot info Description: The bug described earlier in http://bugs.php.net/bug.php?id=28221 by some sir else still persists in PHP-4.3.9, Suse Linux. The problem is: The request page.php?var1=avar2=bvar3=c sets the $_GET array correctly, but a slightly different request page.php?var1=avar2=bvar3= with a null $var3 will make the whole $_GET array null! A live demo can be found at: Everything is fine with Link 1: http://www.ruishi.info/forum/testwindnumeric.php?tid=123a=1b=2c=3 Then $_GET becomes null is the last variable $c is null in Link 2: http://www.ruishi.info/forum/testwindnumeric.php?tid=123a=1b=2c= Reproduce code: --- $tid=?=$_GET['tid']?br ?php require_once('./testglobal.php'); echo $tidbr; echo $_GET['tid']; echo \$_GET=; print_r($_GET); echo br; if(!is_numeric($_GET['tid'])) echo('invalid id number'); ? In testglobal.php, the related sections: print_r($_GET); echo br; unset($GLOBALS,$_ENV,$HTTP_ENV_VARS,$_REQUEST,$HTTP_POST_VARS,$HTTP_GET_VARS,$HTTP_POST_FILES,$HTTP_COOKIE_VARS); $Is_Gmqgg=get_magic_quotes_gpc(); if(!$Is_Gmqgg){ Add_S($_POST); Add_S($_GET); Add_S($_COOKIE); } print_r($_GET); echo br; .. Expected result: For Link 1, the result is correct. For Link 2, the correct result should be: Array ( [tid] = 123 [a] = 1 [b] = 2 [c] = 3 ) Actual result: -- For Link 2, the actual incorrect result is: Array ( ) -- Edit this bug report at http://bugs.php.net/?id=30523edit=1
#30523 [Opn]: _GET bug with null last var persists
ID: 30523 User updated by: support at ruishi dot info Reported By: support at ruishi dot info Status: Open Bug Type: URL related Operating System: Linux SUSE PHP Version: 4.3.9 New Comment: Hello, some investigation reveals that the hosting company has its reasons to run it using the CGI API, mainly because of the security related to multi hosting users. If PHP is run using the Apache API, then every hosting user can view other users' file (e.g. config files containing passwords). This problem seems to have existed for extremely long time (several years), hope it wouldn't stay there forever... No guru could get rid of it? Is there any way around? See, one normally has to host his files on an ISP's machine, but PHP is usually installed using the CGI API because of the security reason mentioned above. If $_GET does not work (probably other $_VARs as well), then most php scripts would be broken. How could the Web site survive? Has anyone collected information about which OSes are free from this bug? SUSE seems to be problematic, how about debian and else? Previous Comments: [2004-10-22 11:10:36] support at ruishi dot info in the output of phpinfo(), there does exist a line Server API: CGI. I will check with our sysadmin to see if we can solve it by making it an Apache2 module. Stay tuned please. More comments and suggestions are welcome. [2004-10-22 00:57:24] scottm at spamcop dot net We've had customers with a similar issue but never found out the cause of it, we had null session paramaters in the query string if they were using cookies but for some reason or another some hosts just didn't work. We were never able to find out what caused this in the first place. I've just searched through a few of the previous support tickets and they varied from PHP 4.3.1 to PHP 4.3.4. They all ran PHP as a CGI though. Do you run PHP as a CGI? [2004-10-21 23:55:32] support at ruishi dot info A typo in the submission (in the section of Expected Result): -- For Link 2, the correct result should be: Array ( [tid] = 123 [a] = 1 [b] = 2 [c] = 3 ) -- should be: Array ( [tid] = 123 [a] = 1 [b] = 2 [c] = NULL or ''?) [2004-10-21 23:19:42] support at ruishi dot info Description: The bug described earlier in http://bugs.php.net/bug.php?id=28221 by some sir else still persists in PHP-4.3.9, Suse Linux. The problem is: The request page.php?var1=avar2=bvar3=c sets the $_GET array correctly, but a slightly different request page.php?var1=avar2=bvar3= with a null $var3 will make the whole $_GET array null! A live demo can be found at: Everything is fine with Link 1: http://www.ruishi.info/forum/testwindnumeric.php?tid=123a=1b=2c=3 Then $_GET becomes null is the last variable $c is null in Link 2: http://www.ruishi.info/forum/testwindnumeric.php?tid=123a=1b=2c= Reproduce code: --- $tid=?=$_GET['tid']?br ?php require_once('./testglobal.php'); echo $tidbr; echo $_GET['tid']; echo \$_GET=; print_r($_GET); echo br; if(!is_numeric($_GET['tid'])) echo('invalid id number'); ? In testglobal.php, the related sections: print_r($_GET); echo br; unset($GLOBALS,$_ENV,$HTTP_ENV_VARS,$_REQUEST,$HTTP_POST_VARS,$HTTP_GET_VARS,$HTTP_POST_FILES,$HTTP_COOKIE_VARS); $Is_Gmqgg=get_magic_quotes_gpc(); if(!$Is_Gmqgg){ Add_S($_POST); Add_S($_GET); Add_S($_COOKIE); } print_r($_GET); echo br; .. Expected result: For Link 1, the result is correct. For Link 2, the correct result should be: Array ( [tid] = 123 [a] = 1 [b] = 2 [c] = 3 ) Actual result: -- For Link 2, the actual incorrect result is: Array ( ) -- Edit this bug report at http://bugs.php.net/?id=30523edit=1
#30523 [Opn]: _GET bug with null last var persists
ID: 30523 User updated by: support at ruishi dot info Reported By: support at ruishi dot info Status: Open Bug Type: URL related Operating System: Linux SUSE PHP Version: 4.3.9 New Comment: in the output of phpinfo(), there does exist a line Server API: CGI. I will check with our sysadmin to see if we can solve it by making it an Apache2 module. Stay tuned please. More comments and suggestions are welcome. Previous Comments: [2004-10-22 00:57:24] scottm at spamcop dot net We've had customers with a similar issue but never found out the cause of it, we had null session paramaters in the query string if they were using cookies but for some reason or another some hosts just didn't work. We were never able to find out what caused this in the first place. I've just searched through a few of the previous support tickets and they varied from PHP 4.3.1 to PHP 4.3.4. They all ran PHP as a CGI though. Do you run PHP as a CGI? [2004-10-21 23:55:32] support at ruishi dot info A typo in the submission (in the section of Expected Result): -- For Link 2, the correct result should be: Array ( [tid] = 123 [a] = 1 [b] = 2 [c] = 3 ) -- should be: Array ( [tid] = 123 [a] = 1 [b] = 2 [c] = NULL or ''?) [2004-10-21 23:19:42] support at ruishi dot info Description: The bug described earlier in http://bugs.php.net/bug.php?id=28221 by some sir else still persists in PHP-4.3.9, Suse Linux. The problem is: The request page.php?var1=avar2=bvar3=c sets the $_GET array correctly, but a slightly different request page.php?var1=avar2=bvar3= with a null $var3 will make the whole $_GET array null! A live demo can be found at: Everything is fine with Link 1: http://www.ruishi.info/forum/testwindnumeric.php?tid=123a=1b=2c=3 Then $_GET becomes null is the last variable $c is null in Link 2: http://www.ruishi.info/forum/testwindnumeric.php?tid=123a=1b=2c= Reproduce code: --- $tid=?=$_GET['tid']?br ?php require_once('./testglobal.php'); echo $tidbr; echo $_GET['tid']; echo \$_GET=; print_r($_GET); echo br; if(!is_numeric($_GET['tid'])) echo('invalid id number'); ? In testglobal.php, the related sections: print_r($_GET); echo br; unset($GLOBALS,$_ENV,$HTTP_ENV_VARS,$_REQUEST,$HTTP_POST_VARS,$HTTP_GET_VARS,$HTTP_POST_FILES,$HTTP_COOKIE_VARS); $Is_Gmqgg=get_magic_quotes_gpc(); if(!$Is_Gmqgg){ Add_S($_POST); Add_S($_GET); Add_S($_COOKIE); } print_r($_GET); echo br; .. Expected result: For Link 1, the result is correct. For Link 2, the correct result should be: Array ( [tid] = 123 [a] = 1 [b] = 2 [c] = 3 ) Actual result: -- For Link 2, the actual incorrect result is: Array ( ) -- Edit this bug report at http://bugs.php.net/?id=30523edit=1
#30523 [NEW]: _GET bug with null last var persists
From: support at ruishi dot info Operating system: Linux SUSE PHP version: 4.3.9 PHP Bug Type: URL related Bug description: _GET bug with null last var persists Description: The bug described earlier in http://bugs.php.net/bug.php?id=28221 by some sir else still persists in PHP-4.3.9, Suse Linux. The problem is: The request page.php?var1=avar2=bvar3=c sets the $_GET array correctly, but a slightly different request page.php?var1=avar2=bvar3= with a null $var3 will make the whole $_GET array null! A live demo can be found at: Everything is fine with Link 1: http://www.ruishi.info/forum/testwindnumeric.php?tid=123a=1b=2c=3 Then $_GET becomes null is the last variable $c is null in Link 2: http://www.ruishi.info/forum/testwindnumeric.php?tid=123a=1b=2c= Reproduce code: --- $tid=?=$_GET['tid']?br ?php require_once('./testglobal.php'); echo $tidbr; echo $_GET['tid']; echo \$_GET=; print_r($_GET); echo br; if(!is_numeric($_GET['tid'])) echo('invalid id number'); ? In testglobal.php, the related sections: print_r($_GET); echo br; unset($GLOBALS,$_ENV,$HTTP_ENV_VARS,$_REQUEST,$HTTP_POST_VARS,$HTTP_GET_VARS,$HTTP_POST_FILES,$HTTP_COOKIE_VARS); $Is_Gmqgg=get_magic_quotes_gpc(); if(!$Is_Gmqgg){ Add_S($_POST); Add_S($_GET); Add_S($_COOKIE); } print_r($_GET); echo br; .. Expected result: For Link 1, the result is correct. For Link 2, the correct result should be: Array ( [tid] = 123 [a] = 1 [b] = 2 [c] = 3 ) Actual result: -- For Link 2, the actual incorrect result is: Array ( ) -- Edit bug report at http://bugs.php.net/?id=30523edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=30523r=trysnapshot4 Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=30523r=trysnapshot50 Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=30523r=trysnapshot51 Fixed in CVS:http://bugs.php.net/fix.php?id=30523r=fixedcvs Fixed in release:http://bugs.php.net/fix.php?id=30523r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=30523r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=30523r=needscript Try newer version: http://bugs.php.net/fix.php?id=30523r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=30523r=support Expected behavior: http://bugs.php.net/fix.php?id=30523r=notwrong Not enough info: http://bugs.php.net/fix.php?id=30523r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=30523r=submittedtwice register_globals:http://bugs.php.net/fix.php?id=30523r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=30523r=php3 Daylight Savings:http://bugs.php.net/fix.php?id=30523r=dst IIS Stability: http://bugs.php.net/fix.php?id=30523r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=30523r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=30523r=float MySQL Configuration Error: http://bugs.php.net/fix.php?id=30523r=mysqlcfg
#30523 [Opn]: _GET bug with null last var persists
ID: 30523 User updated by: support at ruishi dot info Reported By: support at ruishi dot info Status: Open Bug Type: URL related Operating System: Linux SUSE PHP Version: 4.3.9 New Comment: A typo in the submission (in the section of Expected Result): -- For Link 2, the correct result should be: Array ( [tid] = 123 [a] = 1 [b] = 2 [c] = 3 ) -- should be: Array ( [tid] = 123 [a] = 1 [b] = 2 [c] = NULL or ''?) Previous Comments: [2004-10-21 23:19:42] support at ruishi dot info Description: The bug described earlier in http://bugs.php.net/bug.php?id=28221 by some sir else still persists in PHP-4.3.9, Suse Linux. The problem is: The request page.php?var1=avar2=bvar3=c sets the $_GET array correctly, but a slightly different request page.php?var1=avar2=bvar3= with a null $var3 will make the whole $_GET array null! A live demo can be found at: Everything is fine with Link 1: http://www.ruishi.info/forum/testwindnumeric.php?tid=123a=1b=2c=3 Then $_GET becomes null is the last variable $c is null in Link 2: http://www.ruishi.info/forum/testwindnumeric.php?tid=123a=1b=2c= Reproduce code: --- $tid=?=$_GET['tid']?br ?php require_once('./testglobal.php'); echo $tidbr; echo $_GET['tid']; echo \$_GET=; print_r($_GET); echo br; if(!is_numeric($_GET['tid'])) echo('invalid id number'); ? In testglobal.php, the related sections: print_r($_GET); echo br; unset($GLOBALS,$_ENV,$HTTP_ENV_VARS,$_REQUEST,$HTTP_POST_VARS,$HTTP_GET_VARS,$HTTP_POST_FILES,$HTTP_COOKIE_VARS); $Is_Gmqgg=get_magic_quotes_gpc(); if(!$Is_Gmqgg){ Add_S($_POST); Add_S($_GET); Add_S($_COOKIE); } print_r($_GET); echo br; .. Expected result: For Link 1, the result is correct. For Link 2, the correct result should be: Array ( [tid] = 123 [a] = 1 [b] = 2 [c] = 3 ) Actual result: -- For Link 2, the actual incorrect result is: Array ( ) -- Edit this bug report at http://bugs.php.net/?id=30523edit=1