Overridden Get, Post and Cookie data with register_globals turned on
| Bug #20796 | Overridden Get, Post and Cookie data with register_globals turned on | | |
|---|---|---|---|
| Submitted: | 2002-12-03 12:25 UTC | Modified: | 2002-12-07 10:08 UTC |
| From: | pages at inrp dot fr | Assigned: | |
| Status: | Closed | Package: | Variables related |
| PHP Version: | 4.3.0-rc2 | OS: | Red Hat 8.0 |
| Private report: | No | CVE-ID: | None |

[2002-12-03 12:25 UTC] pages at inrp dot fr
With register_globals turned on, if 3 variables WITH THE
SAME NAME are defined in your script (one as a Get
variable, one as a Post variable and one as a Cookie
variable) and if this name is an ARRAY ELEMENT (let's
say foo[ab]), then $_GET["foo"]["ab"] and
$_POST["foo"]["ab"] will both be set to $_COOKIE["foo"]["ab"].
Let's try it.
First, write the script "print_gpc.php":

```php
<?php
// Dump each superglobal separately so the three sources can be compared.
echo '$_GET';
echo "<PRE>";
print_r($_GET);
echo "</PRE>";
echo '$_POST';
echo "<PRE>";
print_r($_POST);
echo "</PRE>";
echo '$_COOKIE';
echo "<PRE>";
print_r($_COOKIE);
echo "</PRE>";
?>
```

Then call the form below ("test.php") in your browser:

```php
<?php setcookie("foo[ab]","I_am_a_cookie"); ?>
<FORM METHOD="POST" ACTION="print_gpc.php?foo[ab]=I_am_a_get_value">
<INPUT TYPE="submit" NAME="foo[ab]" VALUE="OK">
</FORM>
```

and click on the OK button.
If you have register_globals turned off, you will see
what you expect:

```
$_GET
Array
(
    [foo] => Array
        (
            [ab] => I_am_a_get_value
        )
)
$_POST
Array
(
    [foo] => Array
        (
            [ab] => OK
        )
)
$_COOKIE
Array
(
    [foo] => Array
        (
            [ab] => I_am_a_cookie
        )
)
```

but if you have register_globals turned on,
you will have $_GET["foo"]["ab"] == "I_am_a_cookie"
and $_POST["foo"]["ab"] == "I_am_a_cookie".
Strangely, this problem does not occur if the cookie name
is NOT an array element EVEN if register_globals is
turned On. (Try to replace "foo[ab]" by "foo" in the
"test.php" form.)
[2002-12-03 13:28 UTC] iliaa@php.net
[2002-12-03 14:31 UTC] philip@php.net
Just verified this bug, so:

a) Only arrays are affected.
b) Only affected if register_globals = on
c) This is a bug, $_GET for example should never have a COOKIE value in it.

Here's another piece of test code, and the results with register_globals = on. When register_globals = off, everything works as expected.

```php
<?php
setcookie("a[foo]","I_AM_A_COOKIE");
setcookie("b", "I_AM_ALSO_A_COOKIE");
setcookie("c", "bar");
?>
<FORM METHOD="POST" ACTION="print_gpc?a[foo]=a_get_vale&b=another_get&c=bar">
<input type="hidden" name="a[foo]" value="a_post_value">
<input type="hidden" name="b" value="another_post">
<input type="hidden" name="c" value="bar">
<input type="submit" name="submit" value="submit">
</FORM>
```

And:

```php
<pre>
<?php
echo "\nGET\n";
print_r($_GET);
echo "\nPOST\n";
print_r($_POST);
echo "\nCOOKIE\n";
print_r($_COOKIE);
echo "\nREQUEST\n";
print_r($_REQUEST);
?>
</pre>
```

Provides us with:

```
GET
Array
(
    [a] => Array
        (
            [foo] => I_AM_A_COOKIE
        )
    [b] => another_get
    [c] => bar
)
POST
Array
(
    [a] => Array
        (
            [foo] => I_AM_A_COOKIE
        )
    [b] => another_post
    [c] => bar
    [submit] => submit
)
COOKIE
Array
(
    [a] => Array
        (
            [foo] => I_AM_A_COOKIE
        )
    [b] => I_AM_ALSO_A_COOKIE
    [c] => bar
)
REQUEST
Array
(
    [a] => Array
        (
            [foo] => I_AM_A_COOKIE
        )
    [b] => I_AM_ALSO_A_COOKIE
    [c] => bar
    [submit] => submit
)
```

$_REQUEST of course works as expected according to the variables_order directive.

[2002-12-03 18:22 UTC] philip@php.net
[2002-12-07 10:08 UTC] iliaa@php.net
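
A regression check for the behaviour reported in this thread, as an added example that is not part of the bug report or of PHP's own test suite: it re-parses the raw query string and lists every key where `$_GET` no longer matches it. The function name `gpc_mismatches` is hypothetical, and the CLI sample data is constructed from the second test form and its quoted output above.

```php
<?php
// Added example: list every key whose superglobal value differs from a
// fresh parse of the raw input. gpc_mismatches() is a hypothetical name.
function gpc_mismatches($expected, $actual, $prefix = '')
{
    $found = array();
    foreach ($expected as $key => $value) {
        $path = ($prefix === '') ? (string) $key : $prefix . '[' . $key . ']';
        $exists = is_array($actual) && array_key_exists($key, $actual);
        if (is_array($value)) {
            // Descend into foo[ab]-style elements, the case this bug affects.
            $found += gpc_mismatches($value, $exists ? $actual[$key] : array(), $path);
        } elseif (!$exists || $actual[$key] !== $value) {
            $found[$path] = array(
                'expected' => $value,
                'actual'   => $exists ? $actual[$key] : null,
            );
        }
    }
    return $found;
}

if (php_sapi_name() === 'cli') {
    // Constructed sample: the query string of the second test form above and
    // the $_GET it produced with register_globals = on, as quoted in the report.
    $query = 'a[foo]=a_get_vale&b=another_get&c=bar';
    $observed = array(
        'a' => array('foo' => 'I_AM_A_COOKIE'),
        'b' => 'another_get',
        'c' => 'bar',
    );
} else {
    // Live request: compare $_GET with the query string the server received.
    $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    $observed = $_GET;
    header('Content-Type: text/plain');
}

parse_str($query, $expected);
print_r(gpc_mismatches($expected, $observed));
```

Run from the command line it reports the `a[foo]` element from the sample; served through the web server with the test cookie set, an empty array means `$_GET` still reflects only the query string.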