Edit report at https://bugs.php.net/bug.php?id=62943&edit=1
ID: 62943 Updated by: ras...@php.net Reported by: esko dot saajanto at code4m dot com Summary: ?& in header causes parameter problem Status: Feedback Type: Bug Package: Scripting Engine problem Operating System: Debian PHP Version: 5.3.3-7+squeeze8 Block user comment: N Private report: N New Comment: Looking at the code I don't see how that is in any way possible. You are sure this isn't some session-related thing? Can you reproduce it with a simple script? How about if you disable Suhosin, does it still happen? Previous Comments: ------------------------------------------------------------------------ [2012-08-27 07:32:39] ahar...@php.net Ah, I see. That does sound very weird. I can't reproduce your described effects on PHP 5.4.6. I think we'll need a self-contained reproduction case that works on a stock 5.3.16 or 5.4.6 to have any hope here. ------------------------------------------------------------------------ [2012-08-27 07:07:36] esko dot saajanto at code4m dot com Hi. I'm not sure if I could make my case understandable. So the problem is not that I miss some parameter(s) in header but rather so that I get variables without $_GET and $_POST that I shouldn't get according the header sent. This is OK because the register globals is on - BUT - If the first character in the header after '?' is '&' so it brings me all the variables used in the previus pages even if I'd have only two parameters in my header. That shouldn't be the case? ------------------------------------------------------------------------ [2012-08-27 06:41:57] ahar...@php.net Please note that we don't generally accept bug reports involving Suhosin or distribution patched versions of PHP. My guess is that you're hitting the suhosin.get.max_vars limit because the initial & is registering another empty GET variable. Does increasing that fix the issue? ------------------------------------------------------------------------ [2012-08-27 06:29:56] esko dot saajanto at code4m dot com Description: ------------ PHP 5.3.3-7+squeeze8 with Suhosin-Patch (cli) (built: Feb 10 2012 13:05:56) I found out by a typo I've made that ?& in the header causes parameters used in the previus php pages to be submitted via POST and GET. This may be problem that should be fixed to prevent unwanted behavior in the systems built. Caused me a lot of effort to find out this! Regards Esko Saajanto Code4m Oy Test script: --------------- example: www.somesite.com?¶meter1¶meter2¶meter3.... So if I've used f.ex. parameter99 in some previous pages it comes along with this example as an variable to the page even when the is no $_GET or $_POST in the php script called by the header. So I can refer to a $valiable99 that has a value inherited somewhere from the previous pages because the ?& in the header. Expected result: ---------------- ?& in header digs out some parameters used in previus page calls and makes them variables with values in page that it shouldn't ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=62943&edit=1
