php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #44754 Calling a bad eval() and then include(), resets $_REQUEST
Submitted: 2008-04-17 10:49 UTC Modified: 2008-07-21 20:39 UTC
From: famzah at icdsoft dot com Assigned:
Status: Not a bug Package: Scripting Engine problem
PHP Version: 5.2.5 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
 [2008-04-17 10:49 UTC] famzah at icdsoft dot com 
Description:
------------
If you modify an element of $_REQUEST, then call eval() with some syntax error, and then include() or require() another file, the changes in $_REQUEST are reset to the original values of $_REQUEST at script's startup time. The changes in $_REQUEST are permanently lost and the include()'d file as well as the main PHP file then operate with the reset $_REQUEST values.

Reproduce code:
---------------
* Proof of concept:

PHP 5.2.5 (bug):
http://famzah.net/evalbug/index.php?test=abcdef

PHP 4.4.8 (no bug):
http://famzah.net/evalbug/index.php4?test=abcdef

* Source code:

PHP 5.2.5 (bug):
http://famzah.net/evalbug/index.txt

PHP 4.4.8 (no bug):
http://famzah.net/evalbug/index4.txt


Expected result:
----------------
The expected behavior is that after the modification of an element in $_REQUEST, all included files as well as the main PHP file must operate with the modified values of $_REQUEST, because this is a super-global variable.

The above is currently true for all cases except when an eval() call is made which contains a syntax error. For example:
eval('this is a syntax error');

I reproduced the bug using the following PHP versions:
PHP 5.2.5 (cli), Zend Engine v2.2.0
PHP 5.2.5-3 with Suhosin-Patch 0.9.6.2 (cli), Zend Engine v2.2.0

The following PHP4 version does NOT have the bug:
PHP 4.4.8 (cli), Zend Engine v1.3.0

Actual result:
--------------
The bug situation is as follows:
- We call "index.php" with a GET parameter ?test=abcdef
- The script does and outputs the following:
index.php: $_REQUEST value is: abcdef
index.php: Modifying $_REQUEST by setting key 'test' to 'zzz'
index.php: $_REQUEST value is: zzz
index.php: Calling eval() with no syntax error.
index.php: Including the 'dump.php' file...
dump.php: $_REQUEST value is: zzz
index.php: $_REQUEST value is: zzz
index.php: Calling eval() with a syntax error.
index.php: $_REQUEST value is: zzz
index.php: Including the 'dump.php' file...
dump.php: $_REQUEST value is: abcdef
index.php: $_REQUEST value is: abcdef

The last two lines must contain the value 'zzz', not 'abcdef'.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-07-21 20:39 UTC] jani@php.net 
You're not supposed to modify any super-globals.
 [2012-09-12 23:46 UTC] rpavlicek at intacct dot com 
We're not "supposed" to do alot of things in programming (php or otherwise), but 
people do. We depend on consistent behavior. 

If setting super globals works in general, then suddenly breaks when a bad eval() 
takes place...how is that helpful? 

If its really not supposed to be done, shouldn't PHP throw a fatal error as soon 
as you try? Or are we supposed to accept "undefined behavior" when we assign 
superglobals?
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Oct 31 19:00:02 2025 UTC