Bug #72348 Ignored variable value in if-request when switching the var type
Submitted: 2016-06-06 18:34 UTC
Modified: 2016-06-07 09:58 UTC
From: toastboot at gmx dot de
Assigned: cmb
Status: Not a bug
Package: *General Issues
PHP Version: 5.6.22
OS: Win 7
Private report: No
CVE-ID: None
 [2016-06-06 18:34 UTC] toastboot at gmx dot de
Description:
------------
In advance I have to say that it is not version 5.6.22 but 5.6.3 (German XAMPP installation) where I found the issue. I can't find this version in your list. Maybe you can change your list and then refer to it correctly?!?

Normally I like the variable handling in PHP, which includes the possibility to switch between var types, but there is an issue with the var types. It can occur that an if-request will ignore the variable value... See more in the test script / example as follows...

Additional warning: I have not made any deeper checks but maybe it can cause security issues. In a simple check I saw that it seems not to be possible to cause this issue via GET. There it works correctly (in my test scenario) but maybe there are other possibilities...


Test script:
---------------
<?php
$the_variable = 0;

/* make sth */

if($the_variable == "stop") {
# 'the_variable' is still set to 0
	echo "hello";
}

# This will cause the wrong behaviour that the code within the if-request will be executed / 'hello' is displayed.

# now try it vice versa:

$the_variable = "stop";
if($the_variable == 0) {
	echo "hello";
}

# The second if-request works as expected.

## Workaround ##
# use '===' instead of '=='




 [2016-06-06 18:47 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2016-06-06 18:47 UTC] cmb@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Particularly, see <http://php.net/manual/en/types.comparisons.php>.
 [2016-06-07 08:40 UTC] toastboot at gmx dot de
Where exactly is this behaviour described? To refer only to the main page of the PHP manual is not helpful.

From my perspective it is a critical issue because: think about the situation that you check only text values and someone comes into the position to foist an integer on to the if-request of the script. Then you can cause unexpected behaviours and maybe open security issues (i.e.: if($password == "xyz") { echo "you are allowed to make this"; } -> $password = 0; will cause that the if-request does not bite).

Another point is that in one direction it works correctly but not in the other.

When I look at your position it says to me "hopefully the developers all use '===' instead of '==' in such possible cases".
 [2016-06-07 08:57 UTC] toastboot at gmx dot de
Ok, sorry. Now I see the link (http://php.net/manual/en/types.comparisons.php), which I did not see yesterday in my mail with the comment you posted here.

For me it is still a strange behaviour but ok. From now on I will make some extra checks in every critical area (1st checking for the right type).
 [2016-06-07 09:58 UTC] cmb@php.net
> For me it is still a strange behaviour but ok.

It has pros and cons, and one certainly needs time to get used
to it. Anyhow, that's the way PHP works, and that's not likely to
change dramatically.

To be on the safe side, consider using === instead of ==, and
consider filter_var() and friends:
<http://php.net/manual/en/book.filter.php>. And most importantly,
understand PHP's type juggling, see
<http://php.net/manual/en/language.types.type-juggling.php>. :)
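
The advice in the reply above (=== and filter_var()), as an added example that is not part of the original thread or of PHP's own code. The constant EXPECTED_SECRET, the three function names and all sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example, not from the bug report. EXPECTED_SECRET and the function
// names are hypothetical; every input below is constructed.
const EXPECTED_SECRET = 'xyz';

// Loose check as in the report: == converts the operands before comparing.
// On PHP 5.x/7.x int 0 == 'xyz' is true; PHP 8 changed this to false.
function loose_check($input)
{
    return $input == EXPECTED_SECRET;
}

// Hardened check: reject anything that is not a string first, then compare
// without type juggling (hash_equals is also timing-safe, PHP >= 5.6).
function strict_check($input)
{
    if (!is_string($input)) {
        return false;
    }
    return hash_equals(EXPECTED_SECRET, $input);
}

// A value that must be an integer in a known range: validate it with
// filter_var() instead of relying on implicit conversion.
function parse_quantity($input)
{
    $value = filter_var($input, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 100],
    ]);
    return $value === false ? null : $value;
}

// Constructed inputs of different types, compared both ways.
$samples = [0, '0', 'xyz', 'stop', true, null, 0.0];
foreach ($samples as $s) {
    printf("%-8s loose=%-5s strict=%s\n",
        var_export($s, true),
        var_export(loose_check($s), true),
        var_export(strict_check($s), true));
}

// Constructed inputs for the integer validator.
foreach (['42', '42abc', '0', 101] as $q) {
    printf("%-8s => %s\n", var_export($q, true), var_export(parse_quantity($q), true));
}
```

Running it on different PHP versions shows which rows of the loose column depend on the interpreter, while the strict column stays the same.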
 
Last updated: Sun May 19 03:01:33 2024 UTC