php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #45272 no ini setting to inhibit conversion of dots to underscores in $_REQUEST
Submitted: 2008-06-14 23:01 UTC Modified: 2012-02-26 07:48 UTC
Votes:13
Avg. Score:4.4 ± 0.7
Reproduced:13 of 13 (100.0%)
Same Version:3 (23.1%)
Same OS:9 (69.2%)
From: tavin dot cole at gmail dot com Assigned:
Status: Open Package: *Web Server problem
PHP Version: 5.2.6 OS: any
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tavin dot cole at gmail dot com
New email:
PHP Version: OS:

 

 [2008-06-14 23:01 UTC] tavin dot cole at gmail dot com
Description:
------------
It's well known that PHP converts dots to underscores for incoming variable names.  This is very frustrating when writing modern PHP code with register_globals off and using $_REQUEST etc. instead.

It's been stated this will not be changed due to BC issues.

Why not introduce an INI setting to inhibit this behavior?

Thanks for your consideration.



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-06-15 17:52 UTC] tavin dot cole at gmail dot com
the following is a trivial patch for those needing a workaround to this problem.  it only inhibits the munging of dots and doesn't address things like spaces and square brackets.  it also doesn't address introducing an INI setting.

diff -ru php-5.2.6._dist/main/php_variables.c php-5.2.6._mine/main/php_variables.c
--- php-5.2.6._dist/main/php_variables.c        2007-12-31 07:20:15.000000000 +0000
+++ php-5.2.6._mine/main/php_variables.c        2008-06-14 23:34:25.000000000 +0000
@@ -91,7 +91,7 @@
 
        /* ensure that we don't have spaces or dots in the variable name (not binary safe) */
        for (p = var; *p; p++) {
-               if (*p == ' ' || *p == '.') {
+               if (*p == ' ' /*|| *p == '.'*/) {
                        *p='_';
                } else if (*p == '[') {
                        is_array = 1;
 [2012-02-26 07:48 UTC] stas@php.net
-Package: Feature/Change Request +Package: *Web Server problem
 [2012-05-14 03:18 UTC] pravdin at vl dot ru
In PHP 5.4 INI the register_globals setting was removed finally. So, this atricle in documentation become not true:

"Dots in incoming variable names

Typically, PHP does not alter the names of variables when they are passed into a script. However, it should be noted that the dot (period, full stop) is not a valid character in a PHP variable name."

Because external variables will never become internal variables, translation dots to underscores become senseless. 

Please, add an INI setting to disable dots to underscores translation!
 [2018-07-18 12:03 UTC] strijbol dot niko at gmail dot com
Has there been any progress on this?
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun May 19 13:01:26 2019 UTC