PHP :: Bug #37488 :: Modifing GPC values

Bug #37488

Modifing GPC values

Submitted:

2006-05-18 07:01 UTC

Modified:

2007-03-11 08:23 UTC

Votes:	1
Avg. Score:	4.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

serkan dot kibritoglu at gmail dot com

Assigned:

Status:

Not a bug

Package:

Variables related

PHP Version:

5.2.0

OS:

winXP

Private report:

CVE-ID:

None

View Developer Edit

[2006-05-18 07:01 UTC] serkan dot kibritoglu at gmail dot com

Description:
------------
Very simple logic. Here you go;


Reproduce code:
---------------
if($_GET['param']=='') $_GET['param'] = "I am changed forever.";
echo "Should print: " . $_GET['param'] . "<br>\n";

import_request_variables("g", "g_");
echo "And... !: " . $g_param . "<br>\n";


Expected result:
----------------
Should print: I am changed forever.
And... !: I am changed forever.

Actual result:
--------------
Should print: I am changed forever.
And... !:

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-06-05 16:02 UTC] iliaa@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Only the actual values supplied via GPC can be imported.

[2007-03-11 07:34 UTC] serkan dot kibritoglu at gmail dot com

I am sorry to re-open this bug but it is very very similar to this one.

Reproduce code:
---------------
foreach($_POST as $key => $value) {
  $_POST[$key] = trim($value);
  $_POST[$key] = strip_tags($value);
  $_POST[$key] = mysql_real_escape_string($value);
}


Expected result:
----------------
The code above should; trim, strip_tags and mysql_real_escape_string to the original values but it only applies the last function in foreach, which is mysql_real_escape_string.

When i replace the trim() line to the end, it only trims and so on..

I think same goes for _GET and _COOKIE values as well.

[2007-03-11 08:23 UTC] serkan dot kibritoglu at gmail dot com

I am terribly sorry.

Since the $value contains original, this was such an amateurish bug report.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Jan 02 22:01:28 2025 UTC