PHP :: Doc Bug #13645 :: variables_order influences HTTP_*

Doc Bug #13645	variables_order influences HTTP_*_VARS
Submitted:	2001-10-11 18:10 UTC	Modified:	2002-06-10 05:50 UTC
From:	hp at oeri dot ch	Assigned:
Status:	Closed	Package:	Documentation problem
PHP Version:	4.0.6	OS:	Mandrake Linux 8.0
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	hp at oeri dot ch
New email:
PHP Version:		OS:

New Comment:

[2001-10-11 18:10 UTC] hp at oeri dot ch

As for the logic of the php.ini texts, I understand variables_order defines the order in which vars are assigned into global space. track_vars should enable ALL HTTP_*_VARS.

However, leaving out one of egpcs in variables_order disables the corresponding HTTP_*_VARS! (empty array)

Besides the point, that this seems to be not-as-documented, "correct" behaviour would solve a whole lot of security problems:

; only assign "safe" variables to global space, but DO
; assign them -> convenience for safe vars!
variables_order = "S"
; access all other by HTTP_*_VARS
track_vars = on
Please correct me, if I'm wrong.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-10-20 20:16 UTC] sniper@php.net

This is intended behaviour but you're right about it
not being documented. This should be mentioned at: http://www.php.net/manual/en/language.variables.predefined.php

Also, the new global variables for 4.1.0 are undocumented:

$_GET
$_POST
$_COOKIE
$_SERVER
$_ENV
$_FILES
$_REQUEST

and import_request_variables() function is not documented.

--Jani

p.s. track_vars is enabled always regardless of any settings since 4.0.3

[2002-06-10 05:50 UTC] mfischer@php.net

This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.

[2020-02-07 06:12 UTC] phpdocbot@php.net

Automatic comment on behalf of mfischer
Revision: http://git.php.net/?p=doc/en.git;a=commit;h=8029eed94b0fcba2416bbb5cf54befd652bc8a39
Log: - Fix #13645.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Nov 10 12:00:02 2025 UTC