php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #55088 $GLOBALS["_REQUEST"]["something"] not set variable on auto_prepend_file
Submitted: 2011-06-30 09:26 UTC Modified: 2015-03-30 21:57 UTC
Votes:3
Avg. Score:3.7 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: m dot rondini at tigersecurity dot it Assigned:
Status: Open Package: Scripting Engine problem
PHP Version: 5.3.6 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2011-06-30 09:26 UTC] m dot rondini at tigersecurity dot it
Description:
------------
test1.php
[CODE]
<?php
	$GLOBALS["_REQUEST"]["test"] = "request";
        $GLOBALS["_GET"]["test1"] = "get";
?>
[/CODE]


test2.php
[CODE]
<?php
	echo $_REQUEST["test"];
	echo "<br />";
	echo $_GET["test1"];
?>
[/CODE]


.htaccess
[CODE]
php_value auto_prepend_file ./test1.php
[/CODE]


with this scenario, the only printed variable is $_GET["test1"] . However, if I 
append "print_r($_REQUEST);" in test1.php, it work. 

Expected result:
----------------
request
get

Actual result:
--------------

get

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-07-06 05:06 UTC] johannes@php.net
-Status: Open +Status: Wont fix
 [2011-07-06 05:06 UTC] johannes@php.net
Super-Globals ($_GET / $_REQUEST / $_SESSION / ...) are optimized that they are only provided if the parser detects them being used. If you write $GLOBALS["_REQUEST"] only this won't be detected.

You can fix the issue by writing

    $_REQUEST["test"] = "request";
    $_GET["test1"] = "get";

or by setting auto_globals_jit=0 in php.ini

The only way we could fix it is by always providing all super-globals in every context which is a notable performance hit.
 [2011-07-06 05:59 UTC] m dot rondini at tigersecurity dot it
why, if i use "require('test1.php');" in test2.php, work it fine?
After prepend "require", the return is "request<br />get", how i would see. But, 
using auto_prepend_file, something wrong. Is It a bug or other?
 [2011-07-06 09:00 UTC] johannes@php.net
If you include test1.php from test2.php the engine will first compile and execute test2.php. test2.php references $_REQUEST using that name and all so it will be initialized and added to the symbol table (in this case the global symbol table). Then test1.php will be compiled and executed, also using the global symbol table, which still contains $_REQUEST.
 [2011-07-06 09:10 UTC] m dot rondini at tigersecurity dot it
ok right, but in php.net documentation i read this:

[phpnet]
auto_prepend_file string
Specifies the name of a file that is automatically parsed before the main file. 
The file is included as if it was called with the require() function, so 
include_path is used.

The special value none disables auto-prepending.
[/phpnet]

It use a require, and the output must be the same..
 [2011-07-06 12:38 UTC] johannes@php.net
-Status: Wont fix +Status: Open -Package: *General Issues +Package: Documentation problem
 [2011-07-06 12:38 UTC] johannes@php.net
The documentation is wrong or at least not precise.

The auto_[a|pre]pend_file is not included from the main script, as a require would do but they are processed sequentially. 

As consequence the main script will work in the same space as the prepend file did (global variables, classes, static variables, ...), the append file will inherit the main scripts context.

But there are some differences, one is shown here, others are that the include is not listed in the stack trace. Also the prepend file will be executed even if the main file has an parse error (which wouldn't happen if it was included from there)

Maybe it can be seen as "prepend file includes main file includes append file" but that's not exact either.

I don't have a good wording for the docs at hand ...

(short remark: I like the word include more than require, feel free to replace it in your mind ;-) )
 [2011-07-06 14:17 UTC] m dot rondini at tigersecurity dot it
ok, thank you for the explication ;)
 [2015-03-30 21:57 UTC] cmb@php.net
-Type: Bug +Type: Documentation Problem -Package: Documentation problem +Package: Scripting Engine problem
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 11:01:28 2024 UTC