Edit report at https://bugs.php.net/bug.php?id=60219&edit=1
ID: 60219
Comment by: tim at xi dot co dot nz
Reported by: kieran at menor dot dk
Summary: POSTDATA periods (.) being converted to underscores
(_)
Status: Open
Type: Feature/Change Request
Package: Unknown/Other Function
PHP Version: Irrelevant
Block user comment: N
Private report: N
New Comment:
See:
https://wiki.php.net/rfc/url_dots
Previous Comments:
------------------------------------------------------------------------
[2012-01-23 20:08:33] kcerny at wirelesscapital dot com
The relevant code is found in the source file main/php_variables.c at line 94:
/* ensure that we don't have spaces or dots in the variable name (not
binary safe) */
for (p = var; *p; p++) {
if (*p == ' ' || *p == '.') {
*p='_';
} else if (*p == '[') {
is_array = 1;
ip = p;
*p = 0;
break;
}
}
I'm not sure what repercussions we'll face by removing that first if statement.
I would suggest controlling this replacement behavior using an INI setting for
backwards compatibility.
------------------------------------------------------------------------
[2011-11-15 04:20:32] pablitobof at yahoo dot com dot mx
PHP 5.4 alpha1 has just been released which removes register_globals. It seems
appropriate that there would be a matching move towards removing the now
unnecessary translation of characters in requests.
------------------------------------------------------------------------
[2011-11-04 14:10:02] kieran at menor dot dk
Not to mention, it's also potentially confusing and unexpected behavior for
people who didn't happen to read that tiny paragraph of the manual.
------------------------------------------------------------------------
[2011-11-04 14:04:59] kieran at menor dot dk
Description:
------------
This is documented "intended" behavior as per this section of the manual:
http://www.php.net/manual/en/language.variables.external.php#language.variables.external.dot-in-names
I'm guessing it's a leftover from back when register_globals a common thing.
It's been reported as a bug before a long time ago, and dismissed:
https://bugs.php.net/bug.php?id=30956
... but this is 2011, and I think it's worth giving it another go. Here's why:
First of all, nobody assigns POSTDATA directly to variables anymore. It all
goes through $_POST;
Secondly, the claim that you can't have periods in variable names is bogus (see
test script).
Lastly, the period is a good seperator to have available, and I understand that
certain services such as OpenID depend on it, as noted here:
http://stackoverflow.com/questions/68651/can-i-get-php-to-stop-replacing-characters-in-get-or-post-arrays#1939911
Test script:
---------------
${'sure.you.can'} = 'Foo';
var_dump($GLOBALS['sure.you.can']);
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=60219&edit=1
