PHP :: Bug #48379 :: Bogus value in variables leaked from POST or SESSION

Bug #48379	Bogus value in variables leaked from POST or SESSION
Submitted:	2009-05-25 03:37 UTC	Modified:	2009-05-25 12:43 UTC
From:	anchoa at cardumen dot info	Assigned:
Status:	Not a bug	Package:	Variables related
PHP Version:	5.2.9	OS:	linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	anchoa at cardumen dot info
New email:
PHP Version:		OS:

New/Additional Comment:

[2009-05-25 03:37 UTC] anchoa at cardumen dot info

Description:
------------
Variables that have the same name as an associative POST or SESSION 
variable are assigned their values, For example, if $_SESSION['v1'] == 
"abcd", $v1 is assigned "abcd" instead of being left undefined. 

Reproduce code:
---------------
See:

http://testing.cardumen.com/session-bug.php


Expected result:
----------------
The right behavior is for the four variables  v1, v2, v3, and v4 to 
remain undefined.

Actual result:
--------------
Enter some data in text fields v1, v2, v3, and v4

Variables $v1, $v2, $v3, and $v4 will be assigned the values leaked from 
$_SESSION['v1'], $_SESSION['v2'], $_SESSION['v3'], and $_SESSION['v4'], 

If you comment out session_start(); and or $_SESSION = $_POST; the 
values will be leaked from $_POST.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-05-25 08:05 UTC] jani@php.net

And register_globals is off..?

[2009-05-25 12:13 UTC] anchoa at cardumen dot info

When the leak happens, register_globals is on

When I turn register_globals off, the leak does not happen.

register_globals is now "on" at the test site

[2009-05-25 12:25 UTC] anchoa at cardumen dot info

The variable that is giving me troubles (in my real code, not the test 
code) was initialized to empty ($var = '') before calling 
session_start() and, supposedly an already initialized variable should 
not be injected with a new value.

[2009-05-25 12:43 UTC] jani@php.net

That "leak" is expected when you have register_globals=On. And that's one reason register_globals will be gone in PHP 6.. :)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun May 05 16:01:30 2024 UTC