php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #78663 Side effects with _SERVER var _SERVER['root']
Submitted: 2019-10-11 17:36 UTC Modified: 2019-10-11 17:51 UTC
From: flobee at gmail dot com Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 7.3.10 OS: Deb10/ Sury's php packages
Private report: No CVE-ID: None
View Developer Edit
 [2019-10-11 17:36 UTC] flobee at gmail dot com 
Description:
------------
Hey

Some side effects i dont understand to address to but i can confirm the following:
Running as 'root' | 'user'
var_dump( in_array( 'root', $_SERVER ) ); // true | false
var_dump( isset( $_SERVER['root'] ) ); // false | false
var_dump( array_key_exists( 'root', $_SERVER ) ); // false | false

hmm.
So, my break point 'in_array( 'root', $_SERVER ) ? exit(1)..' works. To be save not running scripts under root, but:
I miss a documentation/suggestion or is this a bug?



Test script:
---------------
# Running as 'root' | 'user'
var_dump( in_array( 'root', $_SERVER ) ); // true | false
var_dump( isset( $_SERVER['root'] ) ); // false | false
var_dump( array_key_exists( 'root', $_SERVER ) ); // false | false

Expected result:
----------------
depends on implementation/ documentation.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-10-11 17:37 UTC] flobee at gmail dot com 
- PHP 7.3.10-1+0~20191008.45+debian10~1.gbp365209 (cli) (built: Oct  8 2019 05:49:09) ( NTS )
- Linux 4.19.0-6-amd64 # 1 SMP Debian 4.19.67-2+deb10u1 (2019-09-20) x86_64 GNU/Linux
 [2019-10-11 17:38 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2019-10-11 17:38 UTC] requinix@php.net 
in_array() looks at array *values*, not keys.
 [2019-10-11 17:51 UTC] flobee at gmail dot com 
ahh stupid me! thx! 
ok, the third party tool seems to change the server vars. Thank you! 

Please close/ drop it! :-)
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Apr 18 17:01:25 2025 UTC