|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #28753 adding [] to the querystring often produce error
Submitted: 2004-06-12 11:52 UTC Modified: 2004-07-06 10:25 UTC
From: ppmm at wuxinan dot net Assigned:
Status: Wont fix Package: Arrays related
PHP Version: 4.3.7 OS: All
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: ppmm at wuxinan dot net
New email:
PHP Version: OS:


 [2004-06-12 11:52 UTC] ppmm at wuxinan dot net
Have a look at the following URL, for example:[]=/manual/en/installation.php

I think it's a very classical problem in PHP. $_GET["url"] becomes an array in PHP script. This is a good thing, but the side-effect is that when $_GET["url"] is not expected to be an array, script would often produce an error, the message of which often includes the filesystem path of the PHP file on the server. Surf whatever PHP-based website and try this trick, it would often produce a great error message for hackers.

Sure, webmaster could, however, prevent this kind of error from happening by some simple error checking. However, I mean, in the future release of PHP, is there any way we can do things better? Or somehow we need to educate webmaster about this (possibly security-related) issue.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-06-12 12:19 UTC]
This is up to the programmers, not to us to fix.
 [2004-07-06 10:25 UTC] ppmm at wuxinan dot net
true. But might be useful if we can turn off this feature via php.ini
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sat Sep 23 05:01:23 2023 UTC