 ID:               44754
 Updated by:       [EMAIL PROTECTED]
 Reported By:      famzah at icdsoft dot com
-Status:           Open
+Status:           Bogus
 Bug Type:         Scripting Engine problem
 Operating System: Linux
 PHP Version:      5.2.5
 New Comment:

You're not supposed to modify any super-globals.


Previous Comments:
------------------------------------------------------------------------

[2008-04-17 10:49:36] famzah at icdsoft dot com

Description:
------------
If you modify an element of $_REQUEST, then call eval() with some syntax error, and then include() or require() another file, the changes in $_REQUEST are reset to the original values of $_REQUEST at script's startup time. The changes in $_REQUEST are permanently lost and the include()'d file as well as the main PHP file then operate with the reset $_REQUEST values.

Reproduce code:
---------------
* Proof of concept:
PHP 5.2.5 (bug): http://famzah.net/evalbug/index.php?test=abcdef
PHP 4.4.8 (no bug): http://famzah.net/evalbug/index.php4?test=abcdef

* Source code:
PHP 5.2.5 (bug): http://famzah.net/evalbug/index.txt
PHP 4.4.8 (no bug): http://famzah.net/evalbug/index4.txt

Expected result:
----------------
The expected behavior is that after the modification of an element in $_REQUEST, all included files as well as the main PHP file must operate with the modified values of $_REQUEST, because this is a super-global variable.

The above is currently true for all cases except when an eval() call is made which contains a syntax error. For example:
eval('this is a syntax error');

I reproduced the bug using the following PHP versions:
PHP 5.2.5 (cli), Zend Engine v2.2.0
PHP 5.2.5-3 with Suhosin-Patch 0.9.6.2 (cli), Zend Engine v2.2.0

The following PHP4 version does NOT have the bug:
PHP 4.4.8 (cli), Zend Engine v1.3.0

Actual result:
--------------
The bug situation is as follows:
- We call "index.php" with a GET parameter ?test=abcdef
- The script does and outputs the following:

index.php: $_REQUEST value is: abcdef
index.php: Modifying $_REQUEST by setting key 'test' to 'zzz'
index.php: $_REQUEST value is: zzz
index.php: Calling eval() with no syntax error.
index.php: Including the 'dump.php' file...
dump.php: $_REQUEST value is: zzz
index.php: $_REQUEST value is: zzz
index.php: Calling eval() with a syntax error.
index.php: $_REQUEST value is: zzz
index.php: Including the 'dump.php' file...
dump.php: $_REQUEST value is: abcdef
index.php: $_REQUEST value is: abcdef

The last two lines must contain the value 'zzz', not 'abcdef'.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=44754&edit=1
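
The sequence described in the report, as an added example that is not the reporter's index.php or dump.php (those are only linked, not shown). It assumes the script is requested with ?test=abcdef; the temp-file name, the show() helper and the final check line are hypothetical additions for illustration.

```php
<?php
// Constructed reproduction of the steps listed under "Actual result".
// Request it through a web server as: repro.php?test=abcdef
header('Content-Type: text/plain');

// Stand-in for the report's dump.php, written to a temp file (assumed name).
$dump = sys_get_temp_dir() . '/evalbug_dump.php';
file_put_contents($dump, '<?php show("dump.php");');

// Hypothetical helper: print the current $_REQUEST['test'] for a given file label.
function show($who) {
    $v = isset($_REQUEST['test']) ? $_REQUEST['test'] : '(unset)';
    echo "$who: \$_REQUEST value is: $v\n";
}

show('index.php');
echo "index.php: Modifying \$_REQUEST by setting key 'test' to 'zzz'\n";
$_REQUEST['test'] = 'zzz';
show('index.php');

echo "index.php: Calling eval() with no syntax error.\n";
eval('$x = 1;');
echo "index.php: Including the 'dump.php' file...\n";
include $dump;
show('index.php');

echo "index.php: Calling eval() with a syntax error.\n";
try {
    // PHP 5 reports a parse error and returns false; PHP 7+ throws ParseError.
    eval('this is a syntax error');
} catch (ParseError $e) {
    // Swallow it so the script continues on newer PHP versions as well.
}
show('index.php');
echo "index.php: Including the 'dump.php' file...\n";
include $dump;
show('index.php');

// Check: any code that relies on a rewritten $_REQUEST (for example after
// filtering input in place) would see the original request value again here.
echo ($_REQUEST['test'] === 'zzz')
    ? "CHECK: modification survived\n"
    : "CHECK: \$_REQUEST was reset to the original request value\n";
unlink($dump);
```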