php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78663 Side effects with _SERVER var _SERVER['root']
Submitted: 2019-10-11 17:36 UTC Modified: 2019-10-11 17:51 UTC
From: flobee at gmail dot com Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 7.3.10 OS: Deb10/ Sury's php packages
Private report: No CVE-ID: None
 [2019-10-11 17:36 UTC] flobee at gmail dot com
Description:
------------
Hey

Some side effects i dont understand to address to but i can confirm the following:
Running as 'root' | 'user'
var_dump( in_array( 'root', $_SERVER ) ); // true | false
var_dump( isset( $_SERVER['root'] ) ); // false | false
var_dump( array_key_exists( 'root', $_SERVER ) ); // false | false

hmm.
So, my break point 'in_array( 'root', $_SERVER ) ? exit(1)..' works. To be save not running scripts under root, but:
I miss a documentation/suggestion or is this a bug?



Test script:
---------------
# Running as 'root' | 'user'
var_dump( in_array( 'root', $_SERVER ) ); // true | false
var_dump( isset( $_SERVER['root'] ) ); // false | false
var_dump( array_key_exists( 'root', $_SERVER ) ); // false | false

Expected result:
----------------
depends on implementation/ documentation. 


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-10-11 17:37 UTC] flobee at gmail dot com
- PHP 7.3.10-1+0~20191008.45+debian10~1.gbp365209 (cli) (built: Oct  8 2019 05:49:09) ( NTS )
- Linux 4.19.0-6-amd64 # 1 SMP Debian 4.19.67-2+deb10u1 (2019-09-20) x86_64 GNU/Linux
 [2019-10-11 17:38 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2019-10-11 17:38 UTC] requinix@php.net
in_array() looks at array *values*, not keys.
 [2019-10-11 17:51 UTC] flobee at gmail dot com
ahh stupid me! thx! 
ok, the third party tool seems to change the server vars. Thank you! 

Please close/ drop it! :-)
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Apr 20 11:01:23 2021 UTC