php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78663 Side effects with _SERVER var _SERVER['root']
Submitted: 2019-10-11 17:36 UTC Modified: 2019-10-11 17:51 UTC
From: flobee at gmail dot com Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 7.3.10 OS: Deb10/ Sury's php packages
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: flobee at gmail dot com
New email:
PHP Version: OS:

 

 [2019-10-11 17:36 UTC] flobee at gmail dot com
Description:
------------
Hey

Some side effects i dont understand to address to but i can confirm the following:
Running as 'root' | 'user'
var_dump( in_array( 'root', $_SERVER ) ); // true | false
var_dump( isset( $_SERVER['root'] ) ); // false | false
var_dump( array_key_exists( 'root', $_SERVER ) ); // false | false

hmm.
So, my break point 'in_array( 'root', $_SERVER ) ? exit(1)..' works. To be save not running scripts under root, but:
I miss a documentation/suggestion or is this a bug?



Test script:
---------------
# Running as 'root' | 'user'
var_dump( in_array( 'root', $_SERVER ) ); // true | false
var_dump( isset( $_SERVER['root'] ) ); // false | false
var_dump( array_key_exists( 'root', $_SERVER ) ); // false | false

Expected result:
----------------
depends on implementation/ documentation. 


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-10-11 17:37 UTC] flobee at gmail dot com
- PHP 7.3.10-1+0~20191008.45+debian10~1.gbp365209 (cli) (built: Oct  8 2019 05:49:09) ( NTS )
- Linux 4.19.0-6-amd64 # 1 SMP Debian 4.19.67-2+deb10u1 (2019-09-20) x86_64 GNU/Linux
 [2019-10-11 17:38 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2019-10-11 17:38 UTC] requinix@php.net
in_array() looks at array *values*, not keys.
 [2019-10-11 17:51 UTC] flobee at gmail dot com
ahh stupid me! thx! 
ok, the third party tool seems to change the server vars. Thank you! 

Please close/ drop it! :-)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 13 02:01:27 2024 UTC