php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41821 handling dots in http request variable names
Submitted: 2007-06-27 10:47 UTC Modified: 2007-06-27 10:57 UTC
From: php at niksoggia dot it Assigned:
Status: Not a bug Package: *Web Server problem
PHP Version: 5.2.3 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: php at niksoggia dot it
New email:
PHP Version: OS:

 

 [2007-06-27 10:47 UTC] php at niksoggia dot it
Description:
------------
Some HTTP request variable names are modified in a unexpected way.
The HTML form may submit data using either get or post methods, retrieving those values using $_GET $_POST $_REQUEST $HTTP_GET_VARS or $HTTP_POST_VARS leads to the same and unpredictable result.
This does not happen to the $z check array, that behaves predictably.

To trigger this behaviour, the HTTP request variable name (that will become the key of an associative array) must contain at least one dot character (".", ASCII 0x2E).

My sample code demonstrates that "x.y" is renamed as "x_y" overwriting the legitimate "x_y" value and leaving the "x.y" key unset.
If you delete the "x_y" input tag and resubmit the form, the result will not change. If you restore the "x_y" input tag then delete the "x.y" input tag and then resubmit the form, the result will be as expected.

Reproduce code:
---------------
<html><title>dot bug</title><body>
<form method="get" action="">
<tt>x_y: </tt><input type="text" name="x_y" value="1"><br>
<tt>x-y: </tt><input type="text" name="x-y" value="2"><br>
<tt>x.y: </tt><input type="text" name="x.y" value="3"><br>
<input type="submit">
</form><tt>
<?php
$z = array ('x_y' => 'x_y [', 'x-y' => 'x-y [', 'x.y' => 'x.y [');
echo (  $z['x_y'] . $_GET['x_y'] . '] [' . isset ($_GET['x_y']) . "]<br>\n" .
        $z['x-y'] . $_GET['x-y'] . '] [' . isset ($_GET['x-y']) . "]<br>\n" .
        $z['x.y'] . $_GET['x.y'] . '] [' . isset ($_GET['x.y']) . "]<br>\n" .
        '<hr>query string: ' . htmlspecialchars ($_SERVER['QUERY_STRING']));
?>
</tt></body></html>

Expected result:
----------------
x_y [1] [1]
x-y [2] [1]
x.y [3] [1]

Actual result:
--------------
x_y [3] [1]
x-y [2] [1]
x.y [] []

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-06-27 10:57 UTC] tony2001@php.net
This is expected behaviour, but it's subject to change in PHP6.
The "." symbol is not a legal symbol in PHP variable names, so PHP replaces it with "_" when registering a variable (and adding element to the _POST array).
Even though the variable would be registered only if register_globals in On, the behavior was made consistent to prevent possible confusion.

PHP6 doesn't have register_globals, so there is no need to keep this behavior anymore.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Fri Sep 24 04:03:36 2021 UTC