php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #38211 variable name and cookie name match breaks script execution
Submitted: 2006-07-25 18:00 UTC Modified: 2006-07-26 09:28 UTC
From: tokul at users dot sourceforge dot net Assigned: dmitry
Status: Closed Package: Reproducible crash
PHP Version: 5CVS-2006-07-25 (snap) OS: Linux Debian Sarge
Private report: No CVE-ID:
 [2006-07-25 18:00 UTC] tokul at users dot sourceforge dot net
Description:
------------
If PHP register_globals are turned on and code tries to unset globals, unset command can break script execution. It is possible that issue is not in unset() command. Maybe it is caused by some foreach() function changes or some session/cookie handling changes.

Issue was reported on php-qa mailing list by Phil Driscoll (http://news.php.net/php.qa/26841).

PHP 5.2.0rc2-dev (200607251030) snapshot. Compiled as Apache2 DSO module. register_globals are turned on in php.ini. I can provide configure command and php.ini settings, if you need them. error_reporting is set to E_ALL

Can't reproduce it in 5.1.4 or older versions.

Reproduce code:
---------------
<?php
if (!isset($_COOKIE['test'])) {
  setcookie('test','somevalue');
  echo 'reload script';
} else {
  foreach ($_REQUEST as $test => $value) {
    // code crashes on unset() call
    unset($GLOBALS[$test]);
  }
  echo time();
}
?>

Expected result:
----------------
script should display 'reload script' on first load and timestamp on second load.

Actual result:
--------------
script displays 'reload script' on first load (cookie is not set) and crashes without any visible error when it is reloaded.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-07-25 18:02 UTC] tokul at users dot sourceforge dot net
"script displays 'reload script' on first load (cookie is not set)" means that 'reload script' text is displayed because 'test' cookie is not set.
 [2006-07-25 19:46 UTC] phildriscoll@php.net
Possibly very closely related to Bug #36646 ?
 [2006-07-26 05:20 UTC] tokul at users dot sourceforge dot net
Shorter reproduce code.

<?php
$test = 'test';
unset($$test);
echo time();
?>

Can reproduce issue only in apache DSO. PHP 5.2.0rc2-dev cli does not die.

I'll fix my code that tries to unset variable itself.
 [2006-07-26 09:28 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_2.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 10:03:03 2014 UTC