PHP :: Bug #44754 :: Calling a bad eval() and then include(), resets $

Bug #44754	Calling a bad eval() and then include(), resets $_REQUEST
Submitted:	2008-04-17 10:49 UTC	Modified:	2008-07-21 20:39 UTC
From:	famzah at icdsoft dot com	Assigned:
Status:	Not a bug	Package:	Scripting Engine problem
PHP Version:	5.2.5	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2008-04-17 10:49 UTC] famzah at icdsoft dot com

Description:
------------
If you modify an element of $_REQUEST, then call eval() with some syntax error, and then include() or require() another file, the changes in $_REQUEST are reset to the original values of $_REQUEST at script's startup time. The changes in $_REQUEST are permanently lost and the include()'d file as well as the main PHP file then operate with the reset $_REQUEST values.

Reproduce code:
---------------
* Proof of concept:

PHP 5.2.5 (bug):
http://famzah.net/evalbug/index.php?test=abcdef

PHP 4.4.8 (no bug):
http://famzah.net/evalbug/index.php4?test=abcdef

* Source code:

PHP 5.2.5 (bug):
http://famzah.net/evalbug/index.txt

PHP 4.4.8 (no bug):
http://famzah.net/evalbug/index4.txt


Expected result:
----------------
The expected behavior is that after the modification of an element in $_REQUEST, all included files as well as the main PHP file must operate with the modified values of $_REQUEST, because this is a super-global variable.

The above is currently true for all cases except when an eval() call is made which contains a syntax error. For example:
eval('this is a syntax error');

I reproduced the bug using the following PHP versions:
PHP 5.2.5 (cli), Zend Engine v2.2.0
PHP 5.2.5-3 with Suhosin-Patch 0.9.6.2 (cli), Zend Engine v2.2.0

The following PHP4 version does NOT have the bug:
PHP 4.4.8 (cli), Zend Engine v1.3.0

Actual result:
--------------
The bug situation is as follows:
- We call "index.php" with a GET parameter ?test=abcdef
- The script does and outputs the following:
index.php: $_REQUEST value is: abcdef
index.php: Modifying $_REQUEST by setting key 'test' to 'zzz'
index.php: $_REQUEST value is: zzz
index.php: Calling eval() with no syntax error.
index.php: Including the 'dump.php' file...
dump.php: $_REQUEST value is: zzz
index.php: $_REQUEST value is: zzz
index.php: Calling eval() with a syntax error.
index.php: $_REQUEST value is: zzz
index.php: Including the 'dump.php' file...
dump.php: $_REQUEST value is: abcdef
index.php: $_REQUEST value is: abcdef

The last two lines must contain the value 'zzz', not 'abcdef'.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-07-21 20:39 UTC] jani@php.net

You're not supposed to modify any super-globals.

[2012-09-12 23:46 UTC] rpavlicek at intacct dot com

We're not "supposed" to do alot of things in programming (php or otherwise), but 
people do. We depend on consistent behavior. 

If setting super globals works in general, then suddenly breaks when a bad eval() 
takes place...how is that helpful? 

If its really not supposed to be done, shouldn't PHP throw a fatal error as soon 
as you try? Or are we supposed to accept "undefined behavior" when we assign 
superglobals?

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri May 10 23:01:30 2024 UTC