php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #39450 getenv() fills $_POST-Array
Submitted: 2006-11-09 14:30 UTC Modified: 2007-01-20 22:16 UTC
Votes:3
Avg. Score:2.7 ± 1.7
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:0 (0.0%)
From: patrik dot mayer at i12 dot de Assigned: iliaa (profile)
Status: Closed Package: Unknown/Other Function
PHP Version: 5.2.0 OS: SuSE 10, 2.6.13-15.12-smp
Private report: No CVE-ID: None
 [2006-11-09 14:30 UTC] patrik dot mayer at i12 dot de
Description:
------------
The getenv() function fills the $_POST-Array for every variable that it gets from the environment. So, if you want to getenv "HTTP_HOST" you will have $_POST['HTTP_HOST'] filled after the getenv() Statement.


Reproduce code:
---------------
<?php
echo "<pre>".print_r($_POST, true)."</pre><br/><br/>";

echo getenv('SERVER_PROTOCOL').'<br/>';
echo getenv('REMOTE_PORT').'<br/>';
echo "<br/>";

echo "<pre>".print_r($_POST, true)."</pre>";
?>

Expected result:
----------------
Array
(
)

HTTP/1.1
4175

Array
(
)

//tested on PHP 5.1.6

Actual result:
--------------
Array
(
)

HTTP/1.1
4175

Array
(
    [HTTP_HOST] => development.i12.de
    [SERVER_PROTOCOL] => HTTP/1.1
    [REMOTE_PORT] => 4175
)


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-11-09 17:06 UTC] tony2001@php.net
Cannot reproduce with both Apache and Apache2 on SuSE.
 [2006-11-10 08:36 UTC] patrik dot mayer at i12 dot de
Hmm, can anyone confirm this?

What could I have done wrong?

thnx.
 [2006-11-10 09:48 UTC] tony2001@php.net
I don't think anybody else can confirm this, as it sounds .. well.. like a pure nonsense.
Please rebuild PHP and try on another machine.
 [2006-11-10 13:03 UTC] patrik dot mayer at i12 dot de
I've done a little bit more testing - sorry that I have'nt done this before.

It seems that on our development Server register_globals is On. So i turned it off - same result. But in second stage i realized that register_long_arrays is also On. Turned this Off too and it worked.

So, if register_globals OR register_long_arrays is On getenv() writes the catched environment-variables to the $_POST-Array.

Thanks for your patience.
 [2006-11-10 13:04 UTC] patrik dot mayer at i12 dot de
PS: Tested it the same way with PHP 5.1.6 and there no wrong behavior.
 [2006-11-10 13:18 UTC] tony2001@php.net
I'm still unable to reproduce it, even with register_* On.
 [2006-11-11 22:37 UTC] rasmus@php.net
I don't see how this is possible looking at the getenv() code.  It doesn't do any populating of request variables.
 [2006-11-13 18:10 UTC] patrik dot mayer at i12 dot de
Hi again - I've tested some more.

I've tested our installation with the two standard config-files, php.ini-dist and php.ini-recommended unter php.ini-recommended the error occurs.

So I tracked the diferences. I you set variables_order = "GPCS" and register_globals = On  (remember, register_long_arrays is also On). So if you turn variables_order to EGPCS it works perfect.

Could someone confirm this or did I missunderstand something?

I tried to reproduce it uner PHP 5.2.0 CLI on Windows - all is working there. Sorry that I d?n't have antoher SuSE to test it on - maybe this week.

Thanks everybody.
 [2006-11-13 18:12 UTC] patrik dot mayer at i12 dot de
Sorry for the typos. I meant:

If you set variables_order = "GPCS" and register_globals = On PHP produces the error.
 [2006-11-14 10:35 UTC] patrik dot mayer at i12 dot de
Maybe our configure String would help.

'./configure' '--prefix=/opt/php' '--with-config-file-path=/etc/php' '--with-apxs2=/opt/apache/bin/apxs' '--disable-ipv6' '--with-mysql=/usr' '--with-mysqli=/usr/bin/mysql_config' '--enable-mime-magic' '--enable-memory-limit' '--enable-debug=no' '--enable-track-vars' '--with-gd' '--with-zlib' '--with-ttf' '--with-freetype-dir=/usr' '--with-jpeg-dir=/usr' '--with-xpm-dir=/usr/X11R6' '--with-png-dir=/usr' '--enable-ftp' '--with-libxml-dir=/usr' '--with-iconv' '--with-curl' '--without-pear' '--with-ldap' '--enable-bcmath' '--with-openssl' '--enable-exif' '--with-xmlrpc' '--enable-sockets' '--enable-pcntl' '--enable-sigchild' '--enable-sysvshm' '--enable-memcache'
 [2006-11-15 12:40 UTC] tony2001@php.net
Please make sure you don't have any zend_extensions or other third party modules, which can affect PHP's behaviour.
 [2006-11-20 13:21 UTC] patrik dot mayer at i12 dot de
Nope, there are non loaded.
 [2006-11-20 13:26 UTC] tony2001@php.net
Well, we still have not idea how to reproduce this.
Please show your phpinfo().
 [2006-11-27 14:52 UTC] patrik dot mayer at i12 dot de
Hi,

sorry for not getting back soon.

I've emailed our phpinfo() to tony2001 (at) php (dot) net.
Hopefully you can see anything where the behavior could come from. 

At the moment we are fine by setting variables_order from GPCS to EGPCS.

Big thnx from germany.
 [2006-12-15 22:14 UTC] balue at gmail dot com
I'm experiencing the same issue as well using:
Apache 1.3.37
PHP 5.2
FreeBSD 4.11 (most current patches)

This did not happen in 5.1.6.  And Yes, changing the variable_order to EGPCS fixed it as well.
 [2006-12-21 17:06 UTC] fugacityguy-developer at yahoo dot com
I am getting a similar behavior where calling getenv() is populating the $_FILES global:

<?
var_dump($_FILES);
echo "<br>\n";
$h = getenv('DOCUMENT_ROOT');
var_dump($_FILES);
?>
yields:

array(0) { } array(0) { }
array(1) { ["DOCUMENT_ROOT"]=> string(26) "/usr/csite/WebServer/html/" }

This is PHP 5.2.0 on Redhat Enterprise Linux 4.
 [2006-12-21 21:42 UTC] smlerman at gmail dot com
Confirmed on Windows XP Professional.

register_globals = Off
register_long_arrays = Off
variables_order = GPCS

Changing variables_order to EGPCS does seem to fix the problem.
 [2007-01-20 22:16 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC