#31440 [Opn]: GLOBALS array overwritten from GET/POST/COOKIE vars

Fri, 21 Jan 2005 03:01:27 -0800 

 ID:               31440
 User updated by:  john at jelsoft dot com
 Reported By:      john at jelsoft dot com
 Status:           Open
 Bug Type:         Scripting Engine problem
 Operating System: All
 PHP Version:      4.3.10
 New Comment:

To reply to Iliaa, since my earlier comment was removed: this isn't
fixed in 200501210530 build. To reproduce, you need to turn
register_globals on.


Previous Comments:
------------------------------------------------------------------------

[2005-01-20 19:33:55] john at jelsoft dot com

phpinfo was requested: From [EMAIL PROTECTED] [2005-01-11 02:56:35] (a
message which was deleted):
"What Web server? Tell us more about your configuration as well."

Please just say that you don't want phpinfo rather than randomly
deleting messages and confusing us all.

Now how about this bug...it's been nearly 2 weeks for a pretty serious
bug IMHO...

------------------------------------------------------------------------

[2005-01-20 19:02:35] [EMAIL PROTECTED]

Please don't add the phpinfo() output if not asked for.


------------------------------------------------------------------------

[2005-01-19 00:53:31] [EMAIL PROTECTED]

Works fine with latest CVS.

------------------------------------------------------------------------

[2005-01-18 19:50:36] john at jelsoft dot com

I have just downloaded the latest snapshot and the bug remains. Build
date from my phpinfo() is Jan 18 2005 14:14:51.

------------------------------------------------------------------------

[2005-01-07 23:07:45] john at jelsoft dot com

Just to clarify why this is a very serious issue: any scripts using the
$GLOBALS array to clear all global variables set when registerglobals is
on (in order to simulate registerglobals being off) will run into major
problems. So:

foreach( $GLOBALS as $key => $val ) {
  unset( $$key );
}

if ( $_GET['expression'] ) {
  $output = "hello";
}
echo $output;

Will fail to unset all the global variables and so $output could have
bad values injected into it. It should be impossible to inject data
into $output, but this bug allows it to happen.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/31440

-- 
Edit this bug report at http://bugs.php.net/?id=31440&edit=1

Reply via email to