Description:
------------
Hello,

it seems, only the original bug reporter can change the status of "Feedback" or "No Feedback" to "Open" with a comment? So I must open a new bug report according to Bug #43162.

We all know, that a "." or " " in a query_string variable is rewritten to "_".

But there is a misbehavior with non printable characters (and/or characters which can't be in a variable name) which should be clarified.

In the test I use the array $_GET. But this also applies to parse_str():
| parse_str($_SERVER['QUERY_STRING']);
| var_dump($GLOBALS);

also wrong:
I can create a variable, with is not a valid variable name (as descriped in PHP manual):
| <a href="?%10a=%10a">Testlink</a>
| <?php
| $a= "\x10a";
| var_dump($$a);
| ?>


An other misbehavior:
If I have a "\0" (in the URI %00), the $_GET key name, starting from "\0" is missing (not binary safe).

Regards,
Carsten



Reproduce code:
---------------
<html>
<head><title>Testscript</title></head>
<body>
<a href="?a%00a=a%00a&amp;b%10b=b%10b&amp;c%0Dc=c%0Dc&amp;d%20d=d%20d&amp;e%2Ee=e%2Ee">Testlink</a>
<br>
<pre>
<?php
var_dump($_GET);
?>
</pre>
</body>
</html>


Expected result:
----------------
Good question ;-)

"\0" should have the same misbehavior as "\x10"

Or you can replace all non printable chars with "_".
(On the other side: for an array key ($_GET), this chars are valid.
 Only a problem for register_globals or parse_str)


Actual result:
--------------
magic_quotes_gpc = Off:
-----------------------
array(5) {
  ["a"]=>
  string(3) "a&#65533;a"
  ["bb"]=>
  string(3) "bb"
  ["c
c"]=>
  string(3) "c
c"
  ["d_d"]=>
  string(3) "d d"
  ["e_e"]=>
  string(3) "e.e"
}


magic_quotes_gpc = On:
----------------------
array(5) {
  ["a"]=>
  string(4) "a\0a"
  ["bb"]=>
  string(3) "bb"
  ["c
c"]=>
  string(3) "c
c"
  ["d_d"]=>
  string(3) "d d"
  ["e_e"]=>
  string(3) "e.e"
}