On Mon, 21 May 2001, Rasmus Lerdorf wrote:
> Looks like this code in session.c is the culprit:
> int php_get_session_var(char *name, size_t namelen, zval ***state_var PLS_DC PSLS_DC 
> {
>         HashTable *ht = &EG(symbol_table);
>         if (!PG(register_globals))
>                 ht = Z_ARRVAL_P(PS(http_session_vars));
>         return zend_hash_find(ht, name, namelen + 1, (void **)state_var);
> }
> http_session_vars is only checked if register_globals is off.

I am the one who put that code in, actually when $HTTP_SESSION_VARS
support was added. I don't quite remember why it was done this way, but
I'm all for consistency. The question is what should it do if
register_globals is on and user doesn't set $HTTP_SESSION_VARS directly,
but rather registers a global variable and expects it to be saved. More
precisely, what takes precedence when register_globals is on, the global
value or the $HTTP_SESSION_VARS value?


"The galaxy is, in other words, an immensely, intrinsically,
and inexhaustibly interesting place." -- Iain M. Banks

PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to