PHP :: Bug #20796 :: Overridden Get, Post and Cookie data with register

Bug #20796	Overridden Get, Post and Cookie data with register_globals turned on
Submitted:	2002-12-03 12:25 UTC	Modified:	2002-12-07 10:08 UTC
From:	pages at inrp dot fr	Assigned:
Status:	Closed	Package:	Variables related
PHP Version:	4.3.0-rc2	OS:	Red Hat 8.0
Private report:	No	CVE-ID:	None

View Developer Edit

[2002-12-03 12:25 UTC] pages at inrp dot fr

With register_globals turned on, if 3 variables WITH THE
SAME NAME are defined in your script (one as a Get
variable, one as a Post variable and one as a Cookie
variable) and if this name is an ARRAY ELEMENT (let's
say foo[ab]), then $_GET["foo"]["ab"] and
$_POST["foo"]["ab"] will both be set to $_COOKIE["foo"]["ab"].

Let's try it.

First, write the script "print_gpc.php" :

<?php
echo '$_GET';
echo "<PRE>";
print_r($_GET);
echo "</PRE>";

echo '$_POST';
echo "<PRE>";
print_r($_POST);
echo "</PRE>";

echo '$_COOKIE';
echo "<PRE>";
print_r($_COOKIE);
echo "</PRE>";
?>

Then call the form below ("test.php") in your browser :

<?php setcookie("foo[ab]","I_am_a_cookie"); ?>
<FORM METHOD="POST" ACTION="print_gpc.php?foo[ab]=I_am_a_get_value">
<INPUT TYPE="submit" NAME="foo[ab]" VALUE="OK">
</FORM>

and clic on the OK button.

If you have register_globals turned off, you will see
what you expect :

$_GET

Array
(
    [foo] => Array
        (
            [ab] => I_am_a_get_value
        )

)

$_POST

Array
(
    [foo] => Array
        (
            [ab] => OK
        )

)

$_COOKIE

Array
(
    [foo] => Array
        (
            [ab] => I_am_a_cookie
        )

)

but if you have register_globals turned on,
you will have $_GET["foo"]["ab"] == "I_am_a_cookie"
and $_POST["foo"]["ab"] == "I_am_a_cookie".

Strangly, this problem does not occur if the cookie name
is NOT an array element EVEN if register_globals is
turned On. (Try to replace "foo[ab]" by "foo" in the
"test.php" form.)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-12-03 13:28 UTC] iliaa@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

This is why register_globals is dangerous, if there are variables with the same name they get over-written. This is why you should keep it off.
You can control the order of the way variables passed via GET/POST/COOKIE/FILES are registered via the gpc_order ini setting.

[2002-12-03 14:31 UTC] philip@php.net

Just verified this bug, so:

a) Only arrays are affected.
b) Only affected if register_globals = on
c) This is a bug, $_GET for example should never have a
   COOKIE value it in.

Here's another piece of test code, and the results with register_globals = on.  When register_globals = off, everything works as expected.


<?php
  setcookie("a[foo]","I_AM_A_COOKIE");
  setcookie("b", "I_AM_ALSO_A_COOKIE");
  setcookie("c", "bar");
?>
<FORM METHOD="POST" ACTION="print_gpc?a[foo]=a_get_vale&b=another_get&c=bar">
  <input type="hidden" name="a[foo]" value="a_post_value">
  <input type="hidden" name="b" value="another_post">
  <input type="hidden" name="c" value="bar">
  <input type="submit" name="submit" value="submit">
</FORM>

And:

<pre>
<?php
echo "\nGET\n";     print_r($_GET);
echo "\nPOST\n";    print_r($_POST);
echo "\nCOOKIE\n";  print_r($_COOKIE);
echo "\nREQUEST\n"; print_r($_REQUEST);
?>
</pre>

Provides us with:

GET
Array
(
    [a] => Array
        (
            [foo] => I_AM_A_COOKIE
        )

    [b] => another_get
    [c] => bar
)

POST
Array
(
    [a] => Array
        (
            [foo] => I_AM_A_COOKIE
        )

    [b] => another_post
    [c] => bar
    [submit] => submit
)

COOKIE
Array
(
    [a] => Array
        (
            [foo] => I_AM_A_COOKIE
        )

    [b] => I_AM_ALSO_A_COOKIE
    [c] => bar
)

REQUEST
Array
(
    [a] => Array
        (
            [foo] => I_AM_A_COOKIE
        )

    [b] => I_AM_ALSO_A_COOKIE
    [c] => bar
    [submit] => submit
)

$_REQUEST of course works as expected according to the variables_order directive.

[2002-12-03 18:22 UTC] philip@php.net

Marking as critical as this bug causes autoglobals 
to be unreliable.

[2002-12-07 10:08 UTC] iliaa@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Oct 27 20:00:01 2025 UTC