php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69952 Data integrity issues accessing superglobals by reference
Submitted: 2015-06-27 17:06 UTC Modified: 2015-06-28 14:28 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:0 (0.0%)
From: michael dot babker at gmail dot com Assigned: bwoebi (profile)
Status: Closed Package: Session related
PHP Version: 7.0.0alpha2 OS: N/A
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
23 + 6 = ?
Subscribe to this entry?

 
 [2015-06-27 17:06 UTC] michael dot babker at gmail dot com
Description:
------------
Within Joomla, our input retrieval and setting API accesses the superglobals by reference.  It appears because of some of the engine refactoring, accessing the same data is not working the same way.  In the case of Joomla, this is most evident in our session boot sequence (extracted into the test script below) where data validated in the $_COOKIE superglobal is no longer returned correctly.

Test script:
---------------
https://github.com/mbabker/session-test/blob/purephp/index.php

Expected result:
----------------
On each execution of the script, the session counter should increment by one.

Actual result:
--------------
On each execution of the script, the session counter's value is one.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-06-28 12:22 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2015-06-28 12:22 UTC] cmb@php.net
I can confirm the issue. The following test script is sufficient
to reproduce it:

    <?php
    $cookieData = &$_COOKIE;
    session_start();
    var_dump($_SESSION);
    $_SESSION['foo'] = 'bar';

Apparently, the by-ref assignment causes a new session to be
created on each request.

@michael: The condition of the outermost if statement in your test
script is always FALSE, because a variable can't be isset() and
is_null().
 [2015-06-28 14:09 UTC] michael dot babker at gmail dot com
Ya, that was just me trying to reproduce what our internal code actually does as close as possible (the isset is part of our input API and the is_null check in the session startup).  Either way, glad to see I haven't completely lost it :-)
 [2015-06-28 14:28 UTC] bwoebi@php.net
-Status: Verified +Status: Assigned -Assigned To: +Assigned To: bwoebi
 [2015-06-28 14:31 UTC] bwoebi@php.net
Automatic comment on behalf of bobwei9@hotmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b477aa1fad6cac41ee6959921b229cb3dba79e6e
Log: Fix bug #69952 (Dereferencing issue in session_start())
 [2015-06-28 14:31 UTC] bwoebi@php.net
-Status: Assigned +Status: Closed
 [2015-07-07 23:37 UTC] ab@php.net
Automatic comment on behalf of bobwei9@hotmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b477aa1fad6cac41ee6959921b229cb3dba79e6e
Log: Fix bug #69952 (Dereferencing issue in session_start())
 [2016-07-20 11:38 UTC] davey@php.net
Automatic comment on behalf of bobwei9@hotmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b477aa1fad6cac41ee6959921b229cb3dba79e6e
Log: Fix bug #69952 (Dereferencing issue in session_start())
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 09:01:28 2024 UTC