ID:               21149
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
-Status:           Verified
+Status:           Closed
 Bug Type:         Variables related
 Operating System: All
 PHP Version:      4.3.0-dev/4.4.0-dev
 Assigned To:      iliaa
 New Comment:

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.




Previous Comments:
------------------------------------------------------------------------

[2002-12-23 18:50:03] [EMAIL PROTECTED]

Updated description.

------------------------------------------------------------------------

[2002-12-22 17:04:34] [EMAIL PROTECTED]

While doing a security audit on a PHP web app, I was able to bypass a
variable check which later allowed me to remotely execute commands on
the web server. Although this was a programming error, I found PHP's
behaviour very odd.
Consider the following code as an example:

<?php
// The check only looks at the per-source arrays ...
if ( isset($HTTP_GET_VARS['test']) ||
     isset($HTTP_POST_VARS['test']) ||
     isset($HTTP_COOKIE_VARS['test']) ) {
    echo "not allowed\r\n";
    exit;
}
else echo "test not defined, proceed\r\n";

echo "<pre>";
echo "test HTTP_GET_VARS: ".$HTTP_GET_VARS['test'];
echo "\r\n";
// ... while $test is populated by register_globals
echo "var test: $test\r\n";
echo "\r\n";
?>

Having this, and requesting the page as:
ola.php?test[=

The output will be:

test not defined in HTTP_*_VARS
test HTTP_GET_VARS: 
var test: Array

So, 'test' is an array, but appears as not set in HTTP_*_VARS.

Regards,

Joao Gouveia
------------
[EMAIL PROTECTED]
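The root of the bypass above is that two code paths disagreed on how the malformed key `test[` is interpreted, so the per-source array and the register_globals namespace ended up out of sync. The following is an added example (not code from the bug report or from PHP itself): a small PHP-style query-string parser in Python that derives the canonical variable name once and reuses it for both stores, so a name cannot be absent from one and present in the other. The handling of an unbalanced `[` (mangling it to `_`, like `.` and space) is a convention assumed here.

```python
from urllib.parse import unquote_plus

def _mangle(name):
    # PHP variable names cannot contain '.', ' ' or '['; fold them to '_'.
    return name.replace('.', '_').replace(' ', '_').replace('[', '_')

def canonical_name(raw_key):
    """Return (base, indices): indices is None for a plain scalar name.

    'a' -> ('a', None); 'a[b][c]' -> ('a', ['b', 'c']); 'a[]' -> ('a', ['']);
    'a[' (unbalanced) -> ('a_', None), i.e. a plain name, never an array.
    """
    key = unquote_plus(raw_key)
    head, sep, rest = key.partition('[')
    if not sep:
        return _mangle(key), None
    indices = []
    while True:
        close = rest.find(']')
        if close < 0:
            # Unbalanced bracket: treat the whole key as one plain name (assumed
            # convention) instead of letting one code path see an array.
            return _mangle(key), None
        indices.append(rest[:close])
        rest = rest[close + 1:]
        if not rest.startswith('['):
            break           # anything after the last ']' is ignored
        rest = rest[1:]
    return _mangle(head), indices

def assign(store, base, indices, value):
    """Store value under base (scalar) or base[i0][i1]... (nested dicts)."""
    if indices is None:
        store[base] = value
        return
    node = store
    for idx in [base] + indices[:-1]:
        if not isinstance(node.get(idx), dict):
            node[idx] = {}
        node = node[idx]
    last = indices[-1] if indices[-1] != '' else str(len(node))  # [] appends
    node[last] = value

def parse_query(qs):
    """Build the per-source map and the globals map from ONE canonical name."""
    per_source, register_globals = {}, {}
    for pair in filter(None, qs.split('&')):
        raw_key, _, raw_value = pair.partition('=')
        base, indices = canonical_name(raw_key)
        for store in (per_source, register_globals):
            assign(store, base, indices, unquote_plus(raw_value))
    return per_source, register_globals

def is_defined(store, name):
    """The isset-style check from the report, against a canonical name."""
    return name in store
```

With this design, `parse_query("test[=")` yields the same `{'test_': ''}` in both stores, so the reporter's check and the global namespace agree that `test` is not defined.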

 

------------------------------------------------------------------------
