#30523 [Opn]: _GET bug with null last var persists

2004-11-06 Thread support at ruishi dot info
 ID:   30523
 User updated by:  support at ruishi dot info
 Reported By:  support at ruishi dot info
 Status:   Open
 Bug Type: URL related
 Operating System: Linux SUSE
 PHP Version:  4.3.9
 New Comment:

It turned out to be a bug of suphp... After upgrading it to
suphp-0.5.2, the problem is solved. Btw, I am running Apache2. No idea
if it works for Apache1, however no wonder if it does.

This bug can be closed now. I suggest doing so, thanks.


Previous Comments:


[2004-10-28 22:28:02] support at ruishi dot info

Hello, some investigation reveals that the hosting company has its
reasons to run it using the CGI API, mainly because of the security
related to multi hosting users. If PHP is run using the Apache API,
then every hosting user can view other users' files (e.g. config files
containing passwords).

This problem seems to have existed for an extremely long time (several
years), hope it wouldn't stay there forever... No guru could get rid of
it?

Is there any way around? See, one normally has to host his files on an
ISP's machine, but PHP is usually installed using the CGI API because
of the security reason mentioned above. If $_GET does not work
(probably other $_VARs as well), then most php scripts would be broken.
How could the Web site survive?

Has anyone collected information about which OSes are free from this
bug? SUSE seems to be problematic, how about Debian and else?



[2004-10-22 11:10:36] support at ruishi dot info

In the output of phpinfo(), there does exist a line Server API: CGI.
I will check with our sysadmin to see if we can solve it by making it
an Apache2 module. Stay tuned please. More comments and suggestions are
welcome.



[2004-10-22 00:57:24] scottm at spamcop dot net

We've had customers with a similar issue but never found out the cause
of it, we had null session parameters in the query string if they were
using cookies but for some reason or another some hosts just didn't
work. We were never able to find out what caused this in the first
place.

I've just searched through a few of the previous support tickets and
they varied from PHP 4.3.1 to PHP 4.3.4. They all ran PHP as a CGI
though.

Do you run PHP as a CGI?



[2004-10-21 23:55:32] support at ruishi dot info

A typo in the submission (in the section of Expected Result):

--
For Link 2, the correct result should be:

Array ( [tid] => 123 [a] => 1 [b] => 2 [c] => 3 )
--

should be:

Array ( [tid] => 123 [a] => 1 [b] => 2 [c] => NULL or ''?)



[2004-10-21 23:19:42] support at ruishi dot info

Description:

The bug described earlier in http://bugs.php.net/bug.php?id=28221 by
some sir else still persists in PHP-4.3.9, Suse Linux. The problem is:

The request page.php?var1=a&var2=b&var3=c sets the $_GET array
correctly, but a slightly different request
page.php?var1=a&var2=b&var3= with a null $var3 will make the whole
$_GET array null!

A live demo can be found at:

Everything is fine with Link 1:
http://www.ruishi.info/forum/testwindnumeric.php?tid=123&a=1&b=2&c=3

Then $_GET becomes null if the last variable $c is null in Link 2:
http://www.ruishi.info/forum/testwindnumeric.php?tid=123&a=1&b=2&c=




Reproduce code:
---
$tid=<?=$_GET['tid']?><br>
<?php
require_once('./testglobal.php');
echo "$tid<br>";
echo $_GET['tid'];
echo "\$_GET=";
print_r($_GET);
echo "<br>";
if(!is_numeric($_GET['tid'])) echo('invalid id number');
?>

In testglobal.php, the related sections:

print_r($_GET);
echo "<br>";

unset($GLOBALS,$_ENV,$HTTP_ENV_VARS,$_REQUEST,$HTTP_POST_VARS,$HTTP_GET_VARS,$HTTP_POST_FILES,$HTTP_COOKIE_VARS);
$Is_Gmqgg=get_magic_quotes_gpc();
if(!$Is_Gmqgg){
Add_S($_POST);
Add_S($_GET);
Add_S($_COOKIE);
}
print_r($_GET);
echo "<br>";
..

Expected result:

For Link 1, the result is correct.
For Link 2, the correct result should be:

Array ( [tid] => 123 [a] => 1 [b] => 2 [c] => 3 )

Actual result:
--
For Link 2, the actual incorrect result is:

Array ( )





-- 
Edit this bug report at http://bugs.php.net/?id=30523&edit=1
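
Added example (not part of the bug report, and not code from PHP or suPHP): a check that re-derives the query parameters from REQUEST_URI and compares them with $_GET, which would flag the Link 2 behaviour described in this thread. It assumes PHP 7.0 or later; check_get_parsing() and the sample request values are constructed for illustration.

```php
<?php
// Added example, not from the bug report. Assumes PHP 7.0 or later.

// Compare the parameters the web server received with the array PHP built.
// $server and $get are parameters so the check can run on constructed input.
function check_get_parsing(array $server, array $get): array
{
    // REQUEST_URI is set by the web server; QUERY_STRING may have been
    // altered by a CGI wrapper on the way to PHP.
    $fromUri = (string) parse_url($server['REQUEST_URI'] ?? '', PHP_URL_QUERY);
    $fromEnv = (string) ($server['QUERY_STRING'] ?? '');

    $expected = [];
    parse_str($fromUri, $expected);   // same parsing rules PHP applies for $_GET

    $missing = array_keys(array_diff_key($expected, $get));
    $changed = [];
    foreach (array_intersect_key($expected, $get) as $key => $value) {
        if ($get[$key] !== $value) {
            $changed[] = $key;
        }
    }

    return [
        'sapi'              => php_sapi_name(),
        'query_string_kept' => $fromEnv === $fromUri,
        'missing'           => $missing,   // keys absent from $_GET
        'changed'           => $changed,   // keys whose value differs
        'ok'                => !$missing && !$changed,
    ];
}

// Constructed input modelled on Link 2: empty last value in the request.
$sample = [
    'REQUEST_URI'  => '/forum/testwindnumeric.php?tid=123&a=1&b=2&c=',
    'QUERY_STRING' => 'tid=123&a=1&b=2&c=',
];
// $_GET as the report observed it (empty) and as it should have been.
$broken  = check_get_parsing($sample, []);
$healthy = check_get_parsing($sample, ['tid' => '123', 'a' => '1', 'b' => '2', 'c' => '']);
var_dump($broken['ok'], $broken['missing'], $healthy['ok']);

// On a live request, log the mismatch instead of printing it.
if (PHP_SAPI !== 'cli' && !check_get_parsing($_SERVER, $_GET)['ok']) {
    error_log('GET parsing mismatch under SAPI ' . PHP_SAPI);
}
```

Run the check before any code that rewrites $_GET, such as the Add_S() calls in testglobal.php. On hosts that use URL rewriting, treat query_string_kept as informational only.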


#30523 [Opn]: _GET bug with null last var persists

2004-10-28 Thread support at ruishi dot info
 ID:   30523
 User updated by:  support at ruishi dot info
 Reported By:  support at ruishi dot info
 Status:   Open
 Bug Type: URL related
 Operating System: Linux SUSE
 PHP Version:  4.3.9
 New Comment:

Hello, some investigation reveals that the hosting company has its
reasons to run it using the CGI API, mainly because of the security
related to multi hosting users. If PHP is run using the Apache API,
then every hosting user can view other users' files (e.g. config files
containing passwords).

This problem seems to have existed for an extremely long time (several
years), hope it wouldn't stay there forever... No guru could get rid of
it?

Is there any way around? See, one normally has to host his files on an
ISP's machine, but PHP is usually installed using the CGI API because
of the security reason mentioned above. If $_GET does not work
(probably other $_VARs as well), then most php scripts would be broken.
How could the Web site survive?

Has anyone collected information about which OSes are free from this
bug? SUSE seems to be problematic, how about Debian and else?




#30523 [Opn]: _GET bug with null last var persists

2004-10-22 Thread support at ruishi dot info
 ID:   30523
 User updated by:  support at ruishi dot info
 Reported By:  support at ruishi dot info
 Status:   Open
 Bug Type: URL related
 Operating System: Linux SUSE
 PHP Version:  4.3.9
 New Comment:

In the output of phpinfo(), there does exist a line Server API: CGI.
I will check with our sysadmin to see if we can solve it by making it
an Apache2 module. Stay tuned please. More comments and suggestions are
welcome.




#30523 [NEW]: _GET bug with null last var persists

2004-10-21 Thread support at ruishi dot info
From: support at ruishi dot info
Operating system: Linux SUSE
PHP version:  4.3.9
PHP Bug Type: URL related
Bug description:  _GET bug with null last var persists

Description:

The bug described earlier in http://bugs.php.net/bug.php?id=28221 by some
sir else still persists in PHP-4.3.9, Suse Linux. The problem is:

The request page.php?var1=a&var2=b&var3=c sets the $_GET array
correctly, but a slightly different request page.php?var1=a&var2=b&var3=
with a null $var3 will make the whole $_GET array null!

A live demo can be found at:

Everything is fine with Link 1:
http://www.ruishi.info/forum/testwindnumeric.php?tid=123&a=1&b=2&c=3

Then $_GET becomes null if the last variable $c is null in Link 2:
http://www.ruishi.info/forum/testwindnumeric.php?tid=123&a=1&b=2&c=




Reproduce code:
---
$tid=<?=$_GET['tid']?><br>
<?php
require_once('./testglobal.php');
echo "$tid<br>";
echo $_GET['tid'];
echo "\$_GET=";
print_r($_GET);
echo "<br>";
if(!is_numeric($_GET['tid'])) echo('invalid id number');
?>

In testglobal.php, the related sections:

print_r($_GET);
echo "<br>";

unset($GLOBALS,$_ENV,$HTTP_ENV_VARS,$_REQUEST,$HTTP_POST_VARS,$HTTP_GET_VARS,$HTTP_POST_FILES,$HTTP_COOKIE_VARS);
$Is_Gmqgg=get_magic_quotes_gpc();
if(!$Is_Gmqgg){
Add_S($_POST);
Add_S($_GET);
Add_S($_COOKIE);
}
print_r($_GET);
echo "<br>";
..

Expected result:

For Link 1, the result is correct.
For Link 2, the correct result should be:

Array ( [tid] => 123 [a] => 1 [b] => 2 [c] => 3 )

Actual result:
--
For Link 2, the actual incorrect result is:

Array ( )



#30523 [Opn]: _GET bug with null last var persists

2004-10-21 Thread support at ruishi dot info
 ID:   30523
 User updated by:  support at ruishi dot info
 Reported By:  support at ruishi dot info
 Status:   Open
 Bug Type: URL related
 Operating System: Linux SUSE
 PHP Version:  4.3.9
 New Comment:

A typo in the submission (in the section of Expected Result):

--
For Link 2, the correct result should be:

Array ( [tid] => 123 [a] => 1 [b] => 2 [c] => 3 )
--

should be:

Array ( [tid] => 123 [a] => 1 [b] => 2 [c] => NULL or ''?)

