From: esko dot saajanto at code4m dot com Operating system: Debian PHP version: Irrelevant Package: Scripting Engine problem Bug Type: Bug Bug description:?& in header causes parameter problem
Description: ------------ PHP 5.3.3-7+squeeze8 with Suhosin-Patch (cli) (built: Feb 10 2012 13:05:56) I found out by a typo I've made that ?& in the header causes parameters used in the previus php pages to be submitted via POST and GET. This may be problem that should be fixed to prevent unwanted behavior in the systems built. Caused me a lot of effort to find out this! Regards Esko Saajanto Code4m Oy Test script: --------------- example: www.somesite.com?¶meter1¶meter2¶meter3.... So if I've used f.ex. parameter99 in some previous pages it comes along with this example as an variable to the page even when the is no $_GET or $_POST in the php script called by the header. So I can refer to a $valiable99 that has a value inherited somewhere from the previous pages because the ?& in the header. Expected result: ---------------- ?& in header digs out some parameters used in previus page calls and makes them variables with values in page that it shouldn't -- Edit bug report at https://bugs.php.net/bug.php?id=62943&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=62943&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=62943&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=62943&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=62943&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=62943&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=62943&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=62943&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=62943&r=needscript Try newer version: https://bugs.php.net/fix.php?id=62943&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=62943&r=support Expected behavior: https://bugs.php.net/fix.php?id=62943&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=62943&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=62943&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=62943&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=62943&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=62943&r=dst IIS Stability: https://bugs.php.net/fix.php?id=62943&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=62943&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=62943&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=62943&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=62943&r=mysqlcfg