ID: 17874
Comment by: icecube at fr dot fm
Reported By: che at atlantic dot net
Status: Bogus
Bug Type: Output Control
Operating System: Windows 2000
PHP Version: 4.2.0
New Comment:
<?
$foo=var_export($GLOBALS,TRUE);
?>
(whithout or not output buffering).
It's the same problem: var_export outputs to the screen $GLOBALS and
then die with an error message.
So that's not a bug...
Ok now imagine you're using a this script in in your website, and you
haven't noticed that error.
With an example it's more easy to understand:
<?
function save_anywhere($foo) {
$save=var_export($foo,TRUE);
/* ... */
}
save_anywhere(&$GLOBALS);
?>
You wish to save $GLOBALS for a any reason (log, ...) and what's the
result ? var_export produces an error and outputs ALL your variables
directly to the user, wich now can hack your site just because he has
your $mdp = "..." :)
It's maybe not necessary to output a variable that was destinated (with
the second parameter TRUE) to be stocked anywhere except in the user
HD.
Previous Comments:
------------------------------------------------------------------------
[2002-06-20 12:12:32] [EMAIL PROTECTED]
Not a b. var_export() dies in recursive arrays. var_export() uses
output buffering internally to deal with the second parameter. The
(internal) ob_end_clean() call will never make it because PHP dies
before it reaches that point and then it just outputs all buffers.
------------------------------------------------------------------------
[2002-06-20 12:02:27] che at atlantic dot net
This is because GLOBALS is recursively linked to itself and it is
causing var_export to die.
------------------------------------------------------------------------
[2002-06-20 11:47:02] che at atlantic dot net
The code below outputs to the screen. (Even with output buffering)
ob_start();
$v = var_export($GLOBALS, TRUE);
ob_end_clean();
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=17874&edit=1
