Bug #20796 Overridden Get, Post and Cookie data with register_globals turned on
Submitted: 2002-12-03 12:25 UTC Modified: 2002-12-07 10:08 UTC
From: pages at inrp dot fr Assigned:
Status: Closed Package: Variables related
PHP Version: 4.3.0-rc2 OS: Red Hat 8.0
Private report: No CVE-ID:
 [2002-12-03 12:25 UTC] pages at inrp dot fr
With register_globals turned on, if 3 variables WITH THE
SAME NAME are defined in your script (one as a Get
variable, one as a Post variable and one as a Cookie
variable) and if this name is an ARRAY ELEMENT (let's
say foo[ab]), then $_GET["foo"]["ab"] and
$_POST["foo"]["ab"] will both be set to $_COOKIE["foo"]["ab"].

Let's try it.

First, write the script "print_gpc.php" :

<?php
echo '$_GET';
echo "<PRE>";
print_r($_GET);
echo "</PRE>";

echo '$_POST';
echo "<PRE>";
print_r($_POST);
echo "</PRE>";

echo '$_COOKIE';
echo "<PRE>";
print_r($_COOKIE);
echo "</PRE>";
?>

Then call the form below ("test.php") in your browser :

<?php setcookie("foo[ab]","I_am_a_cookie"); ?>
<FORM METHOD="POST" ACTION="print_gpc.php?foo[ab]=I_am_a_get_value">
<INPUT TYPE="submit" NAME="foo[ab]" VALUE="OK">
</FORM>

and click on the OK button.

If you have register_globals turned off, you will see
what you expect :

$_GET

Array
(
    [foo] => Array
        (
            [ab] => I_am_a_get_value
        )

)

$_POST

Array
(
    [foo] => Array
        (
            [ab] => OK
        )

)

$_COOKIE

Array
(
    [foo] => Array
        (
            [ab] => I_am_a_cookie
        )

)

but if you have register_globals turned on,
you will have $_GET["foo"]["ab"] == "I_am_a_cookie"
and $_POST["foo"]["ab"] == "I_am_a_cookie".

Strangely, this problem does not occur if the cookie name
is NOT an array element EVEN if register_globals is
turned On. (Try to replace "foo[ab]" by "foo" in the
"test.php" form.)


 [2002-12-03 13:28 UTC] iliaa@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

This is why register_globals is dangerous, if there are variables with the same name they get over-written. This is why you should keep it off.
You can control the order of the way variables passed via GET/POST/COOKIE/FILES are registered via the gpc_order ini setting.
 [2002-12-03 14:31 UTC] philip@php.net
Just verified this bug, so:

a) Only arrays are affected.
b) Only affected if register_globals = on
c) This is a bug, $_GET for example should never have a
   COOKIE value in it.

Here's another piece of test code, and the results with register_globals = on.  When register_globals = off, everything works as expected.


<?php
  setcookie("a[foo]","I_AM_A_COOKIE");
  setcookie("b", "I_AM_ALSO_A_COOKIE");
  setcookie("c", "bar");
?>
<FORM METHOD="POST" ACTION="print_gpc?a[foo]=a_get_vale&b=another_get&c=bar">
  <input type="hidden" name="a[foo]" value="a_post_value">
  <input type="hidden" name="b" value="another_post">
  <input type="hidden" name="c" value="bar">
  <input type="submit" name="submit" value="submit">
</FORM>

And:

<pre>
<?php
echo "\nGET\n";     print_r($_GET);
echo "\nPOST\n";    print_r($_POST);
echo "\nCOOKIE\n";  print_r($_COOKIE);
echo "\nREQUEST\n"; print_r($_REQUEST);
?>
</pre>

Provides us with:

GET
Array
(
    [a] => Array
        (
            [foo] => I_AM_A_COOKIE
        )

    [b] => another_get
    [c] => bar
)

POST
Array
(
    [a] => Array
        (
            [foo] => I_AM_A_COOKIE
        )

    [b] => another_post
    [c] => bar
    [submit] => submit
)

COOKIE
Array
(
    [a] => Array
        (
            [foo] => I_AM_A_COOKIE
        )

    [b] => I_AM_ALSO_A_COOKIE
    [c] => bar
)

REQUEST
Array
(
    [a] => Array
        (
            [foo] => I_AM_A_COOKIE
        )

    [b] => I_AM_ALSO_A_COOKIE
    [c] => bar
    [submit] => submit
)

$_REQUEST of course works as expected according to the variables_order directive.



 [2002-12-03 18:22 UTC] philip@php.net
Marking as critical as this bug causes autoglobals 
to be unreliable.


 [2002-12-07 10:08 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.
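
A regression check for the behaviour reported in this thread, as an added example that is not part of the original report or of PHP's own code: it re-parses each raw input separately and lists every variable whose value in a superglobal differs from its own source. The function names are hypothetical, the sample data is constructed from the second test case above, and the code is written for current PHP rather than 4.3.

```php
<?php
// Added example; function names and sample data are constructed for illustration.

// Flatten nested arrays into "a[foo]" => value pairs so sources can be compared.
function flatten_vars(array $vars, string $prefix = ''): array {
    $flat = [];
    foreach ($vars as $key => $value) {
        $path = $prefix === '' ? (string) $key : "{$prefix}[{$key}]";
        $flat += is_array($value) ? flatten_vars($value, $path) : [$path => (string) $value];
    }
    return $flat;
}

// Re-parse each raw input independently of the superglobals.
function parse_raw_sources(string $query, string $body, string $cookieHeader): array {
    parse_str($query, $get);
    parse_str($body, $post);
    // Approximation: treat ";"-separated cookie pairs like a query string.
    parse_str(implode('&', array_map('trim', explode(';', $cookieHeader))), $cookie);
    return ['GET' => $get, 'POST' => $post, 'COOKIE' => $cookie];
}

// List variables whose observed value differs from their own raw source.
function find_overwrites(array $expected, array $observed): array {
    $findings = [];
    foreach ($observed as $source => $vars) {
        $want = flatten_vars($expected[$source] ?? []);
        foreach (flatten_vars($vars) as $path => $value) {
            if (($want[$path] ?? null) !== $value) {
                $findings[] = "$source $path: got '$value', raw input says '" . ($want[$path] ?? '') . "'";
            }
        }
    }
    return $findings;
}

// Constructed request and observed arrays, mirroring the second test case above.
$expected = parse_raw_sources(
    'a[foo]=a_get_vale&b=another_get&c=bar',
    'a[foo]=a_post_value&b=another_post&c=bar&submit=submit',
    'a[foo]=I_AM_A_COOKIE; b=I_AM_ALSO_A_COOKIE; c=bar'
);
$observed = [
    'GET'    => ['a' => ['foo' => 'I_AM_A_COOKIE'], 'b' => 'another_get', 'c' => 'bar'],
    'POST'   => ['a' => ['foo' => 'I_AM_A_COOKIE'], 'b' => 'another_post', 'c' => 'bar', 'submit' => 'submit'],
    'COOKIE' => ['a' => ['foo' => 'I_AM_A_COOKIE'], 'b' => 'I_AM_ALSO_A_COOKIE', 'c' => 'bar'],
];
print_r(find_overwrites($expected, $observed));
```

On a live request, pass $_SERVER['QUERY_STRING'], file_get_contents('php://input') and $_SERVER['HTTP_COOKIE'] as the raw inputs and $_GET, $_POST and $_COOKIE as the observed arrays. php://input is not available for multipart/form-data bodies, so the POST comparison only applies to URL-encoded forms.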


 
Last updated: Sun Apr 20 13:01:59 2014 UTC