PHP :: Bug #37261 :: fopen() drops $

Bug #37261	fopen() drops $_SESSION variables
Submitted:	2006-05-01 14:58 UTC	Modified:	2006-05-01 15:40 UTC
From:	info at handyheroes dot com	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	4.4.2	OS:	Linux with Apache/1.3.34
Private report:	No	CVE-ID:	None

View Developer Edit

[2006-05-01 14:58 UTC] info at handyheroes dot com

Description:
------------
When using fopen() to open a url within the same domain all session variables are ignored. Including POST and GET.

I want to provide a link for users to send thier current page. The current page is based on their security level and company_id which are stored as $_SESSION['sess_perms'] and $_SESSION['sess_cid'] after they login. 

The link to send the page is provided on each page and when clicked accesses the function to generate the page and then mail it via mail();

The problem is when using fopen() or hightlight_file() the sessions variables are missing so the DB query does a full result set.

Reproduce code:
---------------
1) The Link
$link=$_SERVER['PHP_SELF']."?main_page=".$main_page."&PHPSESSID=".$PHPSESSID;

<a href="index.php?mod=send_page&main_page=send_page.php&p=<? echo rawurlencode($link) ?>">Send Page</a>

2) Function
	function page_to_send() {
	global $mod,$p,$page,$query;
	$p="http://www.molloyllc.com".$p."&mail_ok=ok";
	$fh=fopen("$p", "r");
	while(!feof($fh)){
	$output =(fgets($fh, 1024));
	$page=$page."\r\n".$output;
	}
	fclose($fh);
	return($page);
	}


Expected result:
----------------
fopen() opens the supplied URL and then based on users security and company should return a list of data from a MySQL query based on the $_SESSION variables. EXAMPLE

if($_SESSION['sess_perms']=="Staff"){
$query="select uid,realname,email,client_id,location_id,phone from users";
$query.=" where client_id=\"$_SESSION[sess_cid]\" ";

should return a list of employees for that company only.

Actual result:
--------------
Returns all employees from DB. This is the $GLOBALS dump

main_page users.php
mail_ok ok
DOCUMENT_ROOT /usr/local/etc/httpd/htdocs/molloyllccom
HTTP_HOST www.molloyllc.com
PATH /bin:/usr/bin
REMOTE_ADDR 66.219.104.44
REMOTE_PORT 55682
SCRIPT_FILENAME /usr/local/etc/httpd/htdocs/molloyllccom/CVS/molloyllccom/index.php
SERVER_ADDR 66.219.104.44
SERVER_ADMIN strangeb@strangebrew.com
SERVER_NAME molloyllc.com
SERVER_PORT 80
SERVER_SIGNATURE 
Apache/1.3.34 Server at molloyllc.com Port 80

SERVER_SOFTWARE Apache/1.3.34 (Unix) filter/1.0 PHP/4.4.1
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.0
REQUEST_METHOD GET
QUERY_STRING main_page=users.php&mail_ok=ok
REQUEST_URI /CVS/molloyllccom/index.php?main_page=users.php&mail_ok=ok
SCRIPT_NAME /CVS/molloyllccom/index.php
PATH_TRANSLATED /usr/local/etc/httpd/htdocs/molloyllccom/CVS/molloyllccom/index.php
PHP_SELF /CVS/molloyllccom/index.php
HTTP_POST_VARS Array
_POST Array
HTTP_GET_VARS Array
_GET Array
HTTP_COOKIE_VARS Array
_COOKIE Array
HTTP_SERVER_VARS Array
_SERVER Array
HTTP_ENV_VARS Array
_ENV Array
HTTP_POST_FILES Array
_FILES Array
_REQUEST Array
HTTP_SESSION_VARS Array
_SESSION Array
db_name molloy_cvs
spaw_dir /CVS/molloyllccom/spaw/
spaw_base_url http://www.molloyllc.com/
spaw_root /usr/local/etc/httpd/htdocs/molloyllccom/CVS/molloyllccom/spaw/
spaw_default_toolbars full
spaw_default_theme default
spaw_default_lang en
spaw_default_css_styles heet /CVS/molloyllccom/spaw/wysiwyg.css
spaw_inline_js 
spaw_active_toolbar 1
spaw_dropdown_data Array
spaw_valid_imgs Array
spaw_upload_allowed 1
spaw_img_delete_allowed 1
spaw_imglibs Array
spaw_a_targets Array
spaw_img_popup_url /CVS/molloyllccom/spaw/img_popup.php
spaw_internal_link_script url to your internal link selection script
spaw_disable_style_controls 1
spaw_wysiwyg_instCount 0
user Object
uid 
del_uid 
query select locationname from locations where lid="44" 
client_id 
location_id 
client_name Terrys Car Care
news 

and the regular dump

mod send_page
main_page send_page.php
p http://www.molloyllc.com/CVS/molloyllccom/index.php?main_page=users.php&mail_ok=ok
PHPSESSID 5b9f2384e5047292f982ad2ea3a00cd9
DOCUMENT_ROOT /usr/local/etc/httpd/htdocs/molloyllccom
HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
HTTP_ACCEPT_ENCODING gzip, deflate
HTTP_ACCEPT_LANGUAGE en-us
HTTP_CONNECTION Keep-Alive
HTTP_COOKIE PHPSESSID=5b9f2384e5047292f982ad2ea3a00cd9
HTTP_HOST molloyllc.com
HTTP_REFERER http://molloyllc.com/CVS/molloyllccom/index.php?main_page=users.php
HTTP_USER_AGENT Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
PATH /bin:/usr/bin
REMOTE_ADDR 70.125.85.128
REMOTE_PORT 2068
SCRIPT_FILENAME /usr/local/etc/httpd/htdocs/molloyllccom/CVS/molloyllccom/index.php
SERVER_ADDR 66.219.104.44
SERVER_ADMIN strangeb@strangebrew.com
SERVER_NAME molloyllc.com
SERVER_PORT 80
SERVER_SIGNATURE 
Apache/1.3.34 Server at molloyllc.com Port 80

SERVER_SOFTWARE Apache/1.3.34 (Unix) filter/1.0 PHP/4.4.1
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.1
REQUEST_METHOD GET
QUERY_STRING mod=send_page&main_page=send_page.php&p=%2FCVS%2Fmolloyllccom%2Findex.php?main_page=users.php
REQUEST_URI /CVS/molloyllccom/index.php?mod=send_page&main_page=send_page.php&p=%2FCVS%2Fmolloyllccom%2Findex.php?main_page=users.php
SCRIPT_NAME /CVS/molloyllccom/index.php
PATH_TRANSLATED /usr/local/etc/httpd/htdocs/molloyllccom/CVS/molloyllccom/index.php
PHP_SELF /CVS/molloyllccom/index.php
HTTP_POST_VARS Array
_POST Array
HTTP_GET_VARS Array
_GET Array
HTTP_COOKIE_VARS Array
_COOKIE Array
HTTP_SERVER_VARS Array
_SERVER Array
HTTP_ENV_VARS Array
_ENV Array
HTTP_POST_FILES Array
_FILES Array
_REQUEST Array
HTTP_SESSION_VARS Array
_SESSION Array
sess_uid 56
sess_realname Nick Reale
sess_lid 34
sess_cid 23
sess_perms Admin
sess_client Jordanas Goodyear
sess_version full
db_name molloy_cvs
spaw_dir /CVS/molloyllccom/spaw/
spaw_base_url http://www.molloyllc.com/
spaw_root /usr/local/etc/httpd/htdocs/molloyllccom/CVS/molloyllccom/spaw/
spaw_default_toolbars full
spaw_default_theme default
spaw_default_lang en
spaw_default_css_stylesheet /CVS/molloyllccom/spaw/wysiwyg.css
spaw_inline_js 
spaw_active_toolbar 1
spaw_dropdown_data Array
spaw_valid_imgs Array
spaw_upload_allowed 1
spaw_img_delete_allowed 1
spaw_imglibs Array
spaw_a_targets Array
spaw_img_popup_url /CVS/molloyllccom/spaw/img_popup.php
spaw_internal_link_script url to your internal link selection script
spaw_disable_style_controls 1
spaw_wysiwyg_instCount 0
common Object
client_id 
locationname 
address 
location_id 
query select uid,realname,location_id from users order by realname
uid 
user 
page

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-05-01 15:00 UTC] tony2001@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

[2006-05-01 15:40 UTC] info at handyheroes dot com

Ok.. Bogus not a bug. I try to pass the PHPSESSID and fopen() fails.. Is that a bug?

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2026 The PHP Group All rights reserved.	Last updated: Thu Apr 02 20:00:01 2026 UTC