|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #60219 POSTDATA periods (.) being converted to underscores (_)
Submitted: 2011-11-04 14:04 UTC Modified: 2012-01-23 22:20 UTC
Avg. Score:4.4 ± 1.1
Reproduced:15 of 15 (100.0%)
Same Version:9 (60.0%)
Same OS:9 (60.0%)
From: kieran at menor dot dk Assigned:
Status: Open Package: Unknown/Other Function
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: kieran at menor dot dk
New email:
PHP Version: OS:


 [2011-11-04 14:04 UTC] kieran at menor dot dk
This is documented "intended" behavior as per this section of the manual:

I'm guessing it's a leftover from back when register_globals a common thing. It's been reported as a bug before a long time ago, and dismissed:

... but this is 2011, and I think it's worth giving it another go. Here's why:

First of all, nobody assigns POSTDATA directly to variables anymore. It all goes through $_POST;
Secondly, the claim that you can't have periods in variable names is bogus (see test script).
Lastly, the period is a good seperator to have available, and I understand that certain services such as OpenID depend on it, as noted here:

Test script:
${''} = 'Foo';


preserve-external-variable-names-ini-option (last revision 2012-01-24 00:11 UTC by kenaniah at gmail dot com)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-11-04 14:10 UTC] kieran at menor dot dk
Not to mention, it's also potentially confusing and unexpected behavior for people who didn't happen to read that tiny paragraph of the manual.
 [2011-11-15 04:20 UTC] pablitobof at yahoo dot com dot mx
PHP 5.4 alpha1 has just been released which removes register_globals.  It seems appropriate that there would be a matching move towards removing the now unnecessary translation of characters in requests.
 [2012-01-23 20:08 UTC] kcerny at wirelesscapital dot com
The relevant code is found in the source file main/php_variables.c at line 94:

        /* ensure that we don't have spaces or dots in the variable name (not 
binary safe) */
        for (p = var; *p; p++) {
                if (*p == ' ' || *p == '.') {
                } else if (*p == '[') {
                        is_array = 1;
                        ip = p;
                        *p = 0;

I'm not sure what repercussions we'll face by removing that first if statement. 
I would suggest controlling this replacement behavior using an INI setting for 
backwards compatibility.
 [2012-01-23 22:32 UTC] tim at xi dot co dot nz
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sun Oct 25 06:01:24 2020 UTC