php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #81377 unset() of $GLOBALS sub-key yields warning
Submitted: 2021-08-21 20:00 UTC Modified: 2021-08-23 14:11 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: fmg at inspiredminds dot at Assigned: nikic (profile)
Status: Closed Package: *General Issues
PHP Version: 8.1Git-2021-08-21 (Git) OS:
Private report: No CVE-ID: None
View Developer Edit
 [2021-08-21 20:00 UTC] fmg at inspiredminds dot at 
Description:
------------
Trying to unset a sub-key in $GLOBALS yields an "Undefined global variable $foo" warning in PHP 8.1. See https://3v4l.org/3TLGo vs. https://3v4l.org/3TLGo/rfc for instance. The latter yields:

Warning: Undefined global variable $foo in /in/3TLGo on line 4

only in the current master version (for PHP 8.1).

Test script:
---------------
// This is fine
unset($GLOBALS['foo']);

// This yields an "Undefined global variable $foo"  warning
unset($GLOBALS['foo']['bar']);

Expected result:
----------------
unset() should not yield warnings for undefined $GLOBALS sub-keys.

Actual result:
--------------
The second unset() yields "Warning: Undefined global variable $foo"

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-08-22 15:30 UTC] antonino dot spampinato86 at gmail dot com 
From php 8.0.9 Creating/modifying with square bracket syntax $GLOBALS https://www.php.net/manual/en/language.types.array.php#language.types.array.syntax.modifying otherwise fatal error.
The isset function checks initialization and if not null of a variable, I think the change in reading has changed the behavior for unset on GLOBALS, yes it's a bug.

But it is good programming practice to know the available predefined types of php and the types of your code even if you are not sure to find the variable, otherwise the code change is synonymous with something that the programmer did not foresee .. It can mean hacker attack or more simply code modified by third parties (also the personalization of the php source and which does not coincide with the php team).

I think with this short piece of code it helps to understand, Rightly $GLOBALS, $_POST can be multidimensional or monodimensional arrays and therefore if you apply the fatal error in the writing phase it must coincide with all the variables that are arrays.
So this is a request not to show warnings on unset $GLOBALS even if the key/index does not exist or the variable is non-existent. Also, the features go to all types of array returns

Note* $_POST = null and valid context for array "function valid_superglobal()"

$var = array(array(null));
$_POST = null;
//if $_GET, $_POST, $_COOKIE, $_FILES, $_SERVER, $GLOBALS not multidimensional,
// or monodimensional array is bad code

$string = 'not valid';
if(valid_superglobal())
$string = 'valid';
unset($GLOBALS['var'][0]);
echo $string;
//delete all
unset($GLOBALS['var']);


function valid_superglobal() {
$result = false;
$return = false;
if(isset($GLOBALS) === true)
if(is_array($GLOBALS) === true) {
$return = true;
$result = array_key_exists('var', $GLOBALS);
if($result === true)
$result = array_key_exists(0, $GLOBALS['var']);
}
if($result !== true) {
unset($GLOBALS['var']);
$GLOBALS['var'] = null;
unset($GLOBALS['var']);
$GLOBALS['var'] = array(0 => null);
}

return $return;
}
 [2021-08-23 14:11 UTC] cmb@php.net
-Assigned To: +Assigned To: nikic
 [2021-08-23 14:11 UTC] cmb@php.net 
This is caused by the implementation of
<https://wiki.php.net/rfc/restrict_globals_usage>.  Not sure if
that is deliberate.  Nikita?
 [2021-08-24 13:06 UTC] git@php.net 
Automatic comment on behalf of nikic
Revision: https://github.com/php/php-src/commit/a40ccd758cb856bb4a175e0e025113ea7e9de50a
Log: Fixed bug #81377
 [2021-08-24 13:06 UTC] git@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 13:01:29 2024 UTC