php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #37040 autoconversion of variable names should be turned off
Submitted: 2006-04-11 13:49 UTC Modified: 2021-09-23 13:38 UTC
Votes:5
Avg. Score:3.6 ± 1.5
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: indeyets at gmail dot com Assigned:
Status: Suspended Package: *General Issues
PHP Version: 5.1.2 OS: FreeBSD 5.4
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: indeyets at gmail dot com
New email:
PHP Version: OS:

 

 [2006-04-11 13:49 UTC] indeyets at gmail dot com 
Description:
------------
Currently, PHP does autoconversion of 'dots' in external variable names to 'underscores'. It is documented here: http://ru.php.net/variables.external

It does make sense when application has register_globals enabled and prevents losing of incorrectly named variables.

Though, it doesn't make sense when register_globals setting is disabled. In this mode, all external variables are placed inside of associative array, and 'dot' is just as legal for the key-name as 'underscore' is

Reproduce code:
---------------
<?php
    echo '<a href="'.$_SERVER["SCRIPT_NAME"].'?var.name=value">test</a><hr>';
    echo '<pre>';
    var_dump($_GET);
    echo '</pre>';
?>


Expected result:
----------------
array(1) {
  ["var_name"]=>
  string(5) "value"
}

Actual result:
--------------
array(1) {
  ["var.name"]=>
  string(5) "value"
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-04-11 14:09 UTC] indeyets at gmail dot com 
to make myself clear:
I propose to turn off substitution of 'dots' with 'underscores' in variable names only for autoglobal-arrays.

Substitution still should be made for registered globals.
 [2012-07-11 14:46 UTC] alastair at propcom dot co dot uk 
Since register globals is removed in PHP 5.4, there is no longer any 
justification for this behaviour and it should be removed entirely.

If anyone else comes up with any justification for this behaviour, then that 
justifying factor should be removed because this modifying GET variable names is 
completely out of line.

Not that I'm bitter.
 [2012-07-11 15:21 UTC] rasmus@php.net 
extract() is able to extract directly into the current scope and would break 
without this substitution so it can't be completely removed, but it could be 
isolated to the time of the extract() call I suppose.
 [2012-07-11 15:21 UTC] rasmus@php.net
-Package: Feature/Change Request +Package: *General Issues
 [2014-09-19 14:32 UTC] hatsebutz at excite dot com 
+1 for the proposal of rasmus@php.net - move that replace-magic downwards to extract (and possible other functions bringing in new variables)
 [2021-09-23 13:38 UTC] cmb@php.net
-Status: Open +Status: Suspended
 [2021-09-23 13:38 UTC] cmb@php.net 
I would welcome that, but this change requires the RFC process[1].
Anybody is welcome to pursue it; for the time being, I suspend
this ticket.

[1] <https://wiki.php.net/rfc/howto>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 08:01:30 2024 UTC