|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #22773 posted form variables mixed
Submitted: 2003-03-18 15:36 UTC Modified: 2003-03-28 11:55 UTC
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: joe at mcknight dot de Assigned:
Status: Closed Package: CGI/CLI related
PHP Version: 4.3.2-RC OS: Linux
Private report: No CVE-ID: None
 [2003-03-18 15:36 UTC] joe at mcknight dot de
With these pages:

<form method="post" action="out.php">
  <input type="text" name="suchstr" size="20">
  <input type="submit" value="OK" name="B1">


echo "Variable \"suchstr\": $suchstr";
echo "<br>";
echo "Variable \"B1\": $B1";

I get (clicking on the button):

Variable "suchstr": abc&B1=OK
Variable "B1": OK

That means that "suchstr" got mixed with the name and value of Variable B1!

Feel free to ask for more information or tell me what I'm doing wrong  :-)


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-03-24 17:51 UTC]
I just tested again this, and could finally reproduce this.
(had an old cgi binary which read wrong php.ini, stupid me..)

Summary of conditions:

- only happens with the regular posts (ie. when rfc1867.c is used, it works fine, or GET method)

- register_globals has to be 'On'

- The posted value has to be longer than one (1) character

- Only the global variable gets mangled, $_POST[] array has the correct value

 [2003-03-24 18:06 UTC]
making critical (should really be fixed before 4.3.2 goes gold..)

 [2003-03-24 18:12 UTC]
How are you triggering the cgi?  ie. what does your Apache config look like?
 [2003-03-24 18:17 UTC]
It doesn't matter. I tried two different ways, both failed.
For example (otherwise default httpd.conf):

    AddType application/x-httpd-php .php
    ScriptAlias /php/ "/www/apache/cgi-bin/"
    Action application/x-httpd-php /php/php-cgi

 [2003-03-24 18:33 UTC]
That means a command-line test case in tests/basic should fail as well.
 [2003-03-25 05:52 UTC]
Related to bug #22612

 [2003-03-27 12:16 UTC]
This problem is a rather interesting one, it appears that in CGI the entire POST data makes into the enviroment. You can see this by adding a printf() to _php_import_environment_variables() function. The last element will contain the entire POST string. If that string contains a '=', then data before the '=' becomes the key (variable name) and the rest the variable content. Meaning that by the time the POST variables are registered $suchstr already has a value.
One way to fix this is to prevent duplicate variable registration by breaking on the 1st invalid entry from the enviroment inside _php_import_environment_variables(), which happens to be the script name, which is followed by either the POST data or random garbage.
Here is the relavent patch:
 [2003-03-28 11:55 UTC]
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at
In case this was a documentation problem, the fix will show up soon at

In case this was a website problem, the change will show
up on the site and on the mirror sites in short time.
Thank you for the report, and for helping us make PHP better.

 [2003-06-28 14:11 UTC] jcarver at mit dot edu
It looks like I'm getting the same error, but in slightly different conditions.

I'm on PHP 4.2.2 and have register globals off.  I get exactly the same error:
When I submit the value "bar", and I print_r  the  _POST, I expect to get the output:
  Array ( [foo] => bar ) 
but instead I get:
  Array ( [foo] => barfoo=bar ) 

I just thought it was important to note that it also happens with these conditions:
- register_globals can be 'Off'

- The $_POST[] array is mangled too

- $_GET is unaffected
 [2003-07-09 15:58 UTC] roarke dot gaskill at cornerstone dot net
I am seeing the exact same problem as jcarver described.  I don't see this problem when I am using Mozilla 1.1 but I see this problem with both IE 5 and 6.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sun Mar 26 10:04:44 2023 UTC