|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2007-04-15 09:58 UTC] arpad@php.net
Description: ------------ When magic_quotes_gpc is on, it ignores the keys of array values in $_GET etc, despite escaping keys of scalar values and all keys in contained arrays. For example, the query string ?a'b=1 yields $_GET[a\'b] = 1, but ?a'b[a'b]=1 yields $_GET[a'b][a\'b] = 1. http://www.rajeczy.com/compat_gpc_tests.txt Reproduce code: --------------- ?a'b[a'b]=1 Expected result: ---------------- $_GET[a\'b][a\'b] = 1 Actual result: -------------- $_GET[a'b][a\'b] = 1 PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Mon Apr 07 15:01:31 2025 UTC |
This seems to fix it (as in the equivalent line for scalar values on 198): Index: php_variables.c =================================================================== RCS file: /repository/php-src/main/php_variables.c,v retrieving revision 1.104.2.10.2.7 diff -u -r1.104.2.10.2.7 php_variables.c --- php_variables.c 28 Mar 2007 09:14:08 -0000 1.104.2.10.2.7 +++ php_variables.c 15 Apr 2007 10:26:31 -0000 @@ -158,8 +158,7 @@ array_init(gpc_element); zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { - if (PG(magic_quotes_gpc) && (index != var)) { - /* no need to addslashes() the index if it's the main variable name */ + if (PG(magic_quotes_gpc)) { escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); } else { escaped_index = index;