From: jps at corah dot org Operating system: GNU/Linux PHP version: 5.0.0 PHP Bug Type: Strings related Bug description: magic_quotes_gpc = off not affecting GPC keys
Description: ------------ The $_GET, $_POST and $_COOKIE index keys (having the latter two not been confirmed) get escaped even when magic_quotes_gpc is disabled. This is not a big problem since few people will actually use special characters on those, but it seems inconsistent to me, so I am reporting it. I didn't really test the the $_POST and $_COOKIE variables, but I guess the behaviour would be the same. This problem does not affect other regular array keys. Personally I'd rather that you remove the whole magic_quotes stuff once and for all, and send all lame programmers who depend on it to hell, since this setting makes it much harder to write portable code and php has builtin functions to specificly escape strings. Reproduce code: --------------- <?php echo("magic_quotes_runtime is ". (get_magic_quotes_runtime() ? "on" : "off")."<br />"); echo("magic_quotes_gpc is ". (get_magic_quotes_gpc() ? "on" : "off")."<br />"); while (list($key, $val) = each($_GET)) echo(htmlentities($key." = ".$val)."<br />"); echo(htmlentities("For: ".$_SERVER["REQUEST_URI"])."<br />"); ?> Expected result: ---------------- magic_quotes_runtime is off magic_quotes_gpc is off "get" = "hello" For: /~jps/flot/calls/poc.php?"get"="hello" Actual result: -------------- magic_quotes_runtime is off magic_quotes_gpc is off \"get\" = "hello" For: /~jps/flot/calls/poc.php?"get"="hello" -- Edit bug report at http://bugs.php.net/?id=29776&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=29776&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=29776&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=29776&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=29776&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=29776&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=29776&r=needscript Try newer version: http://bugs.php.net/fix.php?id=29776&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=29776&r=support Expected behavior: http://bugs.php.net/fix.php?id=29776&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=29776&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=29776&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=29776&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=29776&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=29776&r=dst IIS Stability: http://bugs.php.net/fix.php?id=29776&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=29776&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=29776&r=float