php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37341 $_SERVER in included file is shortened to two entries, if $_ENV gets used
Submitted: 2006-05-06 20:38 UTC Modified: 2006-05-24 07:56 UTC
From: phpbugs at thequod dot de Assigned: dmitry (profile)
Status: Closed Package: CGI/CLI related
PHP Version: 5CVS-2006-05-06 (CVS) OS: Ubuntu Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: phpbugs at thequod dot de
New email:
PHP Version: OS:

 

 [2006-05-06 20:38 UTC] phpbugs at thequod dot de
Description:
------------
I've just discovered a nasty bug: in phpMyAdmin's 
index.php gets a file required:
require_once('./libraries/common.lib.php');

Inside this file then, $_SERVER is shortened to just two 
entries: PHP_SELF and REQUEST_TIME (I've added a 
var_dump() at the beginning).

However, var_dump($_SERVER) in index.php before the 
include outputs the whole array.

And additionally, now it is correctly filled in the 
include's var_dump(): Just accessing $_SERVER (through 
var_dump() or $a = $_SERVER) before the include corrects 
it inside the include.

Reproduce code:
---------------
I could not reproduce it with a small test script, but with phpMyAdmin 2.8.0.3.

I'm using Apache2 and PHP as FastCGI.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-06 21:27 UTC] tony2001@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.


 [2006-05-10 22:16 UTC] phpbugs at thequod dot de
To reproduce:
--- SERVER.php ---
<?php

# If $_SERVER does not get accessed in this script, it is 
nearly empty in the include:
#echo 'Count($_SERVER): '.count($_SERVER)."\n";

require_once('./SERVER.inc.php');

# "Accessing" $_ENV here makes $_SERVER empty in the 
include:
$foo = empty($_ENV);

?>


--- SERVER.inc.php ---
<?php

# This will be 2, if $_ENV gets accessed in the main 
script, but not $_SERVER!
echo 'Count($_SERVER) (Include): '.count($_SERVER)."\n";

?>
 [2006-05-10 22:17 UTC] phpbugs at thequod dot de
PHP 5.1.5-dev (cgi-fcgi) (built: May  6 2006 22:18:37)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend 
Technologies
 [2006-05-10 22:18 UTC] phpbugs at thequod dot de
changed summary.. sorry.
 [2006-05-18 16:58 UTC] phpbugs at thequod dot de
I just wanted to write a .phpt test case for it and 
recognized, that it only happens when using

FastCgiServer /XXX/php5-fcgi-starter -user XXX -group 
XXX -pass-header HTTP_AUTHORIZATION -flush -idle-timeout 
60

It does NOT happen, if the fcgi binary is running 
in "dynamic mode"..
 [2006-05-18 17:01 UTC] phpbugs at thequod dot de
Changed category. Also happens with 5.2-CVS btw.
 [2006-05-24 07:56 UTC] dmitry@php.net
The bug occured with the following php.ini

register_globals=0
register_long_arrays=0
auto_globals_jit=1
register_argc_argv=0
variables_order="GPCS"

Fixed in CVS HEAD, PHP_5_2 and PHP_5_1.

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 09:01:30 2024 UTC