Bug #15678 Updated: isset fails for 4.1.1 and CVS version

Fri, 19 Apr 2002 11:27:49 -0700 

 ID:               15678
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
 Status:           Open
 Bug Type:         Variables related
 Operating System: i686-pc-linux-gnu
 PHP Version:      4.0CVS-2002-02-2
 New Comment:

Hello, 

i've noticed this error to and i think it is very critical.

I think the error has to do with strings that are checked as if they
were arrays.

example:

$string = 'wef23';
if(isset($string['key'])) {
        echo 'true';
} else {
        echo 'false';
}

it always returns true.

Tested with:

- PHP Version 4.1.1 (Linux infong 2.2.20-hap-2 #1 Fri Dec 14 17:08:09
CET 2001 m68k recovery) [Suse Linux]
- PHP Version 4.0.6 (OpenBSD i386.ports.openbsd.org 3.0 GENERIC#2
i386)
- PHP Version 4.1.0 (Windows NT 5.1 build 2600) [Windows XP]

You can get around this bug if you add an extra check:
if(is_array($string) && isset($string['key'])) 

but i think this could easily be done in the php c souces, or not?

bye

Lutz Warnke


Previous Comments:
------------------------------------------------------------------------

[2002-03-26 03:59:56] [EMAIL PROTECTED]

Not critical. PHP can not work around *all* user errors.

Derick

------------------------------------------------------------------------

[2002-02-28 04:29:13] [EMAIL PROTECTED]

OOPS.
isset() must not return FALSE when value is not set.

should be

isset() must not return TRUE when value is not set.



------------------------------------------------------------------------

[2002-02-28 03:47:28] [EMAIL PROTECTED]

This is critical bug in any cases.
isset() must not return FALSE when value is not set.  This is enough to
be a critical bug.

This bug is not only hard to find, but also can make security hole in
script. Don't you have script relys on isset() to grant access? (Well, 
I don't have actually since I like everything to be explicit, but some
users will have)
 

------------------------------------------------------------------------

[2002-02-27 07:24:00] [EMAIL PROTECTED]

not critical

------------------------------------------------------------------------

[2002-02-23 22:59:43] [EMAIL PROTECTED]

It should be fixed before 4.2.0 at least.
Hopefully before 4.1.2 :)

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/15678

-- 
Edit this bug report at http://bugs.php.net/?id=15678&edit=1

Reply via email to