ID: 48379 Updated by: [email protected] Reported By: anchoa at cardumen dot info -Status: Open +Status: Feedback Bug Type: Variables related Operating System: linux PHP Version: 5.2.9 New Comment:
And register_globals is off..? Previous Comments: ------------------------------------------------------------------------ [2009-05-25 03:37:44] anchoa at cardumen dot info Description: ------------ Variables that have the same name as an associative POST or SESSION variable are assigned their values, For example, if $_SESSION['v1'] == "abcd", $v1 is assigned "abcd" instead of being left undefined. Reproduce code: --------------- See: http://testing.cardumen.com/session-bug.php Expected result: ---------------- The right behavior is for the four variables v1, v2, v3, and v4 to remain undefined. Actual result: -------------- Enter some data in text fields v1, v2, v3, and v4 Variables $v1, $v2, $v3, and $v4 will be assigned the values leaked from $_SESSION['v1'], $_SESSION['v2'], $_SESSION['v3'], and $_SESSION['v4'], If you comment out session_start(); and or $_SESSION = $_POST; the values will be leaked from $_POST. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=48379&edit=1
