php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #26994 extract() overwrites content of superglobal
Submitted: 2004-01-21 11:02 UTC Modified: 2004-01-28 08:01 UTC
From: kavol at email dot cz Assigned:
Status: Not a bug Package: Arrays related
PHP Version: 4.3.4 OS: linux (any?)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: kavol at email dot cz
New email:
PHP Version: OS:

 

 [2004-01-21 11:02 UTC] kavol at email dot cz 
Description:
------------
after extract()ing an array containing a "key" => "data" with "key" being the same name as in $_SESSION, not only $key = "data", but the content of $_SESSION["key"] gets overwritten with "data" too

Reproduce code:
---------------
$jazyky = array (array ("jazyk" => "Če?tina", "kod" => "cs", "jak" => "česky"), array ("jazyk" => "English", "kod" => "en", "jak" => "English"));

$_SESSION["jazyk"] = "cs";

$jazyk = $_SESSION["jazyk"]; // this IS NOT assigment by reference ! (from manual: "the assignment copies the original variable to the new one")

echo $_SESSION["jazyk"];
foreach ($jazyky as $j) {
  extract ($j);
  echo "<a href='?jazyk=$kod'><img alt=\"$jak\" class=\"vlajka\" src=\"images/flag-$kod.png\"> $jazyk</a><br>";
  echo $_SESSION["jazyk"];
};
$jazyk = $_SESSION["jazyk"]; // this is the problem - I wanted to restore the previosly overwritten $jazyk but I found $_SESSION["jazyk"] to be overwritten too!

Expected result:
----------------
cs
<a href='?jazyk=cs'><img alt="&#269;esky" class="vlajka" src="images/flag-cs.png"> &#268;e?tina</a><br>
cs
<a href='?jazyk=en'><img alt="English" class="vlajka" src="images/flag-en.png"> English</a><br>
cs


Actual result:
--------------
cs
<a href='?jazyk=cs'><img alt="&#269;esky" class="vlajka" src="images/flag-cs.png"> &#268;e?tina</a><br>
&#268;e?tina
<a href='?jazyk=en'><img alt="English" class="vlajka" src="images/flag-en.png"> English</a><br>
English

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-01-21 11:55 UTC] iliaa@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

Works fine with latest CVS of PHP4.
 [2004-01-23 17:45 UTC] kavol at email dot cz 
unfortunately, I am unable to build the apache module from 
that source ... "configure --with-apxs2=/usr/sbin/apxs2" 
says this: 
 
[...] 
checking for Apache 2.0 filter-module support via DSO 
through APXS... no 
checking for Apache 2.0 handler-module support via DSO 
through APXS... expr: non-numeric argument 
./configure: line 5114: test: : integer expression expected 
./configure: line 5116: test: : integer expression expected 
yes 
[...] 
 
which seems to be a bit suspicious (although the result is 
"yes") and then "make" goes well except that the module is 
missing ... I got cli version (working...) but that's all 
 
I'll try to work it out asap, until then I can't confirm if 
the CVS version is ok for me, sorry ...
 [2004-01-24 23:52 UTC] sniper@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

RTFM about sessions and how to use them correctly. This has nothing to do with extract().
 [2004-01-25 15:09 UTC] kavol at email dot cz 
> RTFM about sessions and how to use them correctly. 
 
please could you be more specific? 
of course I have read about sessions and I can't remeber of 
any place saying that the contents of $_SESSION[something] 
can be randomly overwritten ... 
 
or do you mean that i left out session_start() from the 
example so as many other lines of the original code? 
 
> This has nothing to do with extract(). 
 
if a variable's value is changed after calling extract() 
then it has to do something with what? 
 
 
p.s. as for reproducing the error with newer snapshot: I 
decided to try to recompile apache - now I'm stuck with 
that, damn :-(
 [2004-01-28 08:01 UTC] kavol at email dot cz 
finally, I got it working (on another machine - there is 
something rotten in mine) and I cannot confirm this bug on 
newer version of PHP 
 
maybe, it appears only in some rare configuration... 
 
for sniper@php.net: 
if there is something wrong with my program and not with 
php, then could you explain how it is possible, that the 
same program doesn't work on one version and works on the 
other? 
I thought that for the same code should be given always the 
same result - either good or bad ...
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Apr 24 13:01:29 2024 UTC