php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80915 Taking a reference to $_SERVER hides it's values from phpinfo()
Submitted: 2021-03-29 17:25 UTC Modified: 2021-03-30 11:57 UTC
From: donatj at gmail dot com Assigned: cmb (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 8.0.3 OS: All
Private report: No CVE-ID: None
 [2021-03-29 17:25 UTC] donatj at gmail dot com
Description:
------------
$_SERVER disappeared from our admin phpinfo page, after a bit of poking I figured 
out a middleware we're using takes a reference to $_SERVER.

It only reads, doesn't write to it at all - but it breaks phpinfo.

This can be seen in my given example code where simply:

$foo =& $_SERVER;

breaks phpinfo's variable output


Test script:
---------------
<?php

echo "---- Expected Output ----\n\n";

\phpinfo(INFO_VARIABLES);

echo "\n\n---- Actual Broken Output ----\n\n";

$foo =& $_SERVER;

\phpinfo(INFO_VARIABLES);

echo "\n\n---- Proof that \$_SERVER isn't broken ----\n\n";

print_r($_SERVER);


Expected result:
----------------
(truncated to relevant output)

phpinfo()

PHP Variables

Variable => Value
$_SERVER['TMPDIR'] => /var/folders/dr/cpm01_51333c1px2yzc8qr9xq1kth0/T/
$_SERVER['__CF_USER_TEXT_ENCODING'] => 0x6E196A00:0x0:0x0
$_SERVER['HOME'] => /Users/jdonat
$_SERVER['SHELL'] => /bin/zsh
$_SERVER['Apple_PubSub_Socket_Render'] => /private/tmp/com.apple.launchd.d1nNRxAouL/Render
$_SERVER['SSH_AUTH_SOCK'] => /private/tmp/com.apple.launchd.7DMDsXS1qP/Listeners
$_SERVER['PATH'] => /usr/bin:/bin:/usr/sbin:/sbin
$_SERVER['LOGNAME'] => jdonat
$_SERVER['DISPLAY'] => /private/tmp/com.apple.launchd.DHo7IG8khp/org.macosforge.xquartz:0
$_SERVER['XPC_SERVICE_NAME'] => com.electron.standard-otter.146872
$_SERVER['USER'] => jdonat
$_SERVER['XPC_FLAGS'] => 0x0
$_SERVER['PHP_SELF'] => -
$_SERVER['SCRIPT_NAME'] => -
$_SERVER['SCRIPT_FILENAME'] => 
$_SERVER['PATH_TRANSLATED'] => 
$_SERVER['DOCUMENT_ROOT'] => 
$_SERVER['REQUEST_TIME_FLOAT'] => 1617038447.9799
$_SERVER['REQUEST_TIME'] => 1617038447
$_SERVER['argv'] => Array
(
    [0] => -
)

$_SERVER['argc'] => 1

Actual result:
--------------
(truncated to relevant output)

phpinfo()

PHP Variables

Variable => Value

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-03-29 17:40 UTC] ecegefef dot wfwfwg at fff dot gg
clap on the fingers for pointless use of references and than even for special handled magic vars
 [2021-03-29 17:50 UTC] donatj at gmail dot com
It's not an entirely pointless use of references, just mostly.

If $_SERVER should change after declaring an instance from globals you might want to inherit those changes
 [2021-03-29 18:11 UTC] rowan dot collins at gmail dot com
Simpler reproduction case:

 php -r '$foo =& $_SERVER; phpinfo(INFO_VARIABLES);'

This works as expected on 5.6, but fails on 7.0 - which makes sense, as the implementation of references was heavily changed in that version.
 [2021-03-29 19:02 UTC] rowan dot collins at gmail dot com
The following pull request has been associated:

Patch Name: Handle reference zvals when outputting superglobals in phpinfo()
On GitHub:  https://github.com/php/php-src/pull/6818
Patch:      https://github.com/php/php-src/pull/6818.patch
 [2021-03-30 11:57 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC