php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37087 register_globals with $_SESSION
Submitted: 2006-04-14 19:22 UTC Modified: 2006-04-14 19:36 UTC
Votes:1
Avg. Score:2.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: stefys at gmail dot com Assigned:
Status: Wont fix Package: Variables related
PHP Version: 5.1.2 OS: Windows XP SP2
Private report: No CVE-ID: None
 [2006-04-14 19:22 UTC] stefys at gmail dot com
Description:
------------
When register_globals is enabled, items from $_SESSION are stored into variables. However, if you unset one of those variables, and then you set it again with his own value, then you session_unset() the variable will be lost too. This is not really a bug, but maybe there is a way to check if that variable still "points" to $_SESSION.

Reproduce code:
---------------
<?
	session_start();
	if (!isset($_SESSION['test']))
	{
		$_SESSION['test'] = "value in session";
		echo "please reload!";
	}
	else
	{
		echo '$_SESSION[\'test\']: '.$_SESSION['test']."<br>"; // prints $_SESSION['test'] 
		echo '$test: '.$test."<br>"; // prints $_SESSION['test']
		unset($test); //unsets $test, now $test is not a "pointer" to $_SESSION['test'] anymore
		$test = "my own value";
		echo '$_SESSION[\'test\']: '.$_SESSION['test']."<br>";
		echo '$test: '.$test."<br>"; //ok, now $test has different value than $_SESSION['test']
		session_unset(); // unsets $_SESSION['test'], but $test too, because register_globals is enabled
		echo '$_SESSION[\'test\']: '.$_SESSION['test']."<br>";
		echo '$test: '.$test."<br>";
	}
?>

Expected result:
----------------
It should only unset $_SESSION['test'], not $test, even if register_globals is enabled.

Actual result:
--------------
Both, $test and $_SESSION['test'] are unset. This how I think that session_unset() works:

function session_unset()
{
    global $_SESSION;
    foreach ($_SESSION as $item => $value)
    {
        unset($_SESSION[$item]);
        if (ini_get('register_globals')) unset($$value); // unsets $value, no matter if it does not "point" to $_SESSION anymore
        //as a temporary fix:
        //if (ini_get('register_globals') && $$value === $_SESSION[$item]) ... // this will still not fix everything, since value of $$value might be same as in $_SESSION, in which case it will still be unset
    }
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-04-14 19:36 UTC] tony2001@php.net
register_globals will not exist in PHP6.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC