PHP :: Bug #22979 :: session index names and same name variables prob even with register

Bug #22979	session index names and same name variables prob even with register_globals off
Submitted:	2003-03-31 07:22 UTC	Modified:	2003-03-31 07:35 UTC
From:	mailinglist dot phpnet at hydras-world dot com	Assigned:
Status:	Not a bug	Package:	Variables related
PHP Version:	4.3.1	OS:	*nix
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mailinglist dot phpnet at hydras-world dot com
New email:
PHP Version:		OS:

New Comment:

[2003-03-31 07:22 UTC] mailinglist dot phpnet at hydras-world dot com

I wasn't using session_register to register global variables in my code and all session access was through $_SESSION[] so the "register_globals = off" setting shouldn't affect my code, but it did!

I wrote all my code with the knowledge that register_globals defaults to OFF on most web-servers and that having the setting off is also more secure.

The problem comes about when having variable names the same as index names in the $_SESSION array and when they're not supposed to be set to the same thing.

e.g.

$ordernumber = $_SESSION['ordernumber'];
$ordernumber++;

This would have the effect of doing this too:
$_SESSION['ordernumber']++;

Not good!

The solution however was quite simple, and I just used upper case names as my $_SESSION index names.

so $_SESSION['ordernumber'] now becomes $_SESSION['ORDERNUMBER'].

I've confirmed this to be a bug on the *nix webserver that my ISP uses, but can't reproduce it with a default install in php 4.2.3 and 4.3.1 on my WinXP IIS5.1 setup.

To help you out, I added a php script to a test site that shows the problem, along with the output of a phpinfo() call.

Here's the script:

==== SCRIPT START ====

<?php

ob_start();
session_start();
?>
<html>
<body>
<?php

echo "Session Now: "; var_dump($_SESSION); echo "<br>";

$_SESSION['ordernumber'] = 5;
$ordernumber = $_SESSION['ordernumber'];

echo "ordernumber = $ordernumber<br>";
echo "Session Before: "; var_dump($_SESSION); echo "<br>";

$ordernumber++;

echo "ordernumber = $ordernumber<br>";
echo "Session After: "; var_dump($_SESSION); echo "<br>";

?>
<p>PhpInfo: <? phpinfo(); ?></p>
</body>
</html>

==== SCRIPT END ====

When the script is run on the ISP's web server this is the output:

Session Now: array(1) { ["ordernumber"]=> &int(6) } 
ordernumber = 5
Session Before: array(1) { ["ordernumber"]=> &int(5) } 
ordernumber = 6
Session After: array(1) { ["ordernumber"]=> &int(6) } 

Notice the int(6) on the line above - BAD!

When the script is run on my system this is the output:

Session Now: array(1) { ["ordernumber"]=> int(5) } 
ordernumber = 5
Session Before: array(1) { ["ordernumber"]=> int(5) } 
ordernumber = 6
Session After: array(1) { ["ordernumber"]=> int(5) } 

Notice the int(5) on the line above! - CORRECT!

here's a link to the script, so you can test it for yourselves:

http://www.loudretail.com/sessionproblem.php

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-03-31 07:32 UTC] rioter@php.net

as you can see register globals is on in your php.ini
as its not a bug in php its self marking as bogus

[2003-03-31 07:35 UTC] mailinglist dot phpnet at hydras-world dot com

My ISP told my it was OFF, so i took them at their word.  I just noticed this myself and was heading back here to cancel this bug report.

Apologies

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Nov 04 10:00:02 2025 UTC