From: famzah at icdsoft dot com Operating system: Linux PHP version: 5.2.5 PHP Bug Type: Variables related Bug description: Calling a bad eval() and then include(), resets $_REQUEST
Description: ------------ If you modify an element of $_REQUEST, then call eval() with some syntax error, and then include() or require() another file, the changes in $_REQUEST are reset to the original values of $_REQUEST at script's startup time. The changes in $_REQUEST are permanently lost and the include()'d file as well as the main PHP file then operate with the reset $_REQUEST values. Reproduce code: --------------- * Proof of concept: PHP 5.2.5 (bug): http://famzah.net/evalbug/index.php?test=abcdef PHP 4.4.8 (no bug): http://famzah.net/evalbug/index.php4?test=abcdef * Source code: PHP 5.2.5 (bug): http://famzah.net/evalbug/index.txt PHP 4.4.8 (no bug): http://famzah.net/evalbug/index4.txt Expected result: ---------------- The expected behavior is that after the modification of an element in $_REQUEST, all included files as well as the main PHP file must operate with the modified values of $_REQUEST, because this is a super-global variable. The above is currently true for all cases except when an eval() call is made which contains a syntax error. For example: eval('this is a syntax error'); I reproduced the bug using the following PHP versions: PHP 5.2.5 (cli), Zend Engine v2.2.0 PHP 5.2.5-3 with Suhosin-Patch 0.9.6.2 (cli), Zend Engine v2.2.0 The following PHP4 version does NOT have the bug: PHP 4.4.8 (cli), Zend Engine v1.3.0 Actual result: -------------- The bug situation is as follows: - We call "index.php" with a GET parameter ?test=abcdef - The script does and outputs the following: index.php: $_REQUEST value is: abcdef index.php: Modifying $_REQUEST by setting key 'test' to 'zzz' index.php: $_REQUEST value is: zzz index.php: Calling eval() with no syntax error. index.php: Including the 'dump.php' file... dump.php: $_REQUEST value is: zzz index.php: $_REQUEST value is: zzz index.php: Calling eval() with a syntax error. index.php: $_REQUEST value is: zzz index.php: Including the 'dump.php' file... dump.php: $_REQUEST value is: abcdef index.php: $_REQUEST value is: abcdef The last two lines must contain the value 'zzz', not 'abcdef'. -- Edit bug report at http://bugs.php.net/?id=44754&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44754&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44754&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44754&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44754&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44754&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44754&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=44754&r=needscript Try newer version: http://bugs.php.net/fix.php?id=44754&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44754&r=support Expected behavior: http://bugs.php.net/fix.php?id=44754&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44754&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44754&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44754&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=44754&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=44754&r=dst IIS Stability: http://bugs.php.net/fix.php?id=44754&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44754&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44754&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44754&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=44754&r=mysqlcfg
