PHP :: Bug #37341 :: $_SERVER in included file is shortened to two entries, if $

Bug #37341	$_SERVER in included file is shortened to two entries, if $_ENV gets used
Submitted:	2006-05-06 20:38 UTC	Modified:	2006-05-24 07:56 UTC
From:	phpbugs at thequod dot de	Assigned:	dmitry (profile)
Status:	Closed	Package:	CGI/CLI related
PHP Version:	5CVS-2006-05-06 (CVS)	OS:	Ubuntu Linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2006-05-06 20:38 UTC] phpbugs at thequod dot de

Description:
------------
I've just discovered a nasty bug: in phpMyAdmin's 
index.php gets a file required:
require_once('./libraries/common.lib.php');

Inside this file then, $_SERVER is shortened to just two 
entries: PHP_SELF and REQUEST_TIME (I've added a 
var_dump() at the beginning).

However, var_dump($_SERVER) in index.php before the 
include outputs the whole array.

And additionally, now it is correctly filled in the 
include's var_dump(): Just accessing $_SERVER (through 
var_dump() or $a = $_SERVER) before the include corrects 
it inside the include.

Reproduce code:
---------------
I could not reproduce it with a small test script, but with phpMyAdmin 2.8.0.3.

I'm using Apache2 and PHP as FastCGI.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-05-06 21:27 UTC] tony2001@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.

[2006-05-10 22:16 UTC] phpbugs at thequod dot de

To reproduce:
--- SERVER.php ---
<?php

# If $_SERVER does not get accessed in this script, it is 
nearly empty in the include:
#echo 'Count($_SERVER): '.count($_SERVER)."\n";

require_once('./SERVER.inc.php');

# "Accessing" $_ENV here makes $_SERVER empty in the 
include:
$foo = empty($_ENV);

?>


--- SERVER.inc.php ---
<?php

# This will be 2, if $_ENV gets accessed in the main 
script, but not $_SERVER!
echo 'Count($_SERVER) (Include): '.count($_SERVER)."\n";

?>

[2006-05-10 22:17 UTC] phpbugs at thequod dot de

PHP 5.1.5-dev (cgi-fcgi) (built: May  6 2006 22:18:37)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend 
Technologies

[2006-05-10 22:18 UTC] phpbugs at thequod dot de

changed summary.. sorry.

[2006-05-18 16:58 UTC] phpbugs at thequod dot de

I just wanted to write a .phpt test case for it and 
recognized, that it only happens when using

FastCgiServer /XXX/php5-fcgi-starter -user XXX -group 
XXX -pass-header HTTP_AUTHORIZATION -flush -idle-timeout 
60

It does NOT happen, if the fcgi binary is running 
in "dynamic mode"..

[2006-05-18 17:01 UTC] phpbugs at thequod dot de

Changed category. Also happens with 5.2-CVS btw.

[2006-05-24 07:56 UTC] dmitry@php.net

The bug occured with the following php.ini

register_globals=0
register_long_arrays=0
auto_globals_jit=1
register_argc_argv=0
variables_order="GPCS"

Fixed in CVS HEAD, PHP_5_2 and PHP_5_1.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Oct 20 19:00:01 2025 UTC