ID: 8449
Updated by: sniper
Old Status: Open
Status: Closed
Bug Type: *Web Server problem
Operating System: linux
PHP Version: 4.0.4
New Comment:

This is fixed at least in PHP 4.0.6.
Maybe even earlier.


Previous Comments:

[2000-12-28 02:49:06] [EMAIL PROTECTED]

I was trying to make the example as short as possible so it
looks stupid but it clearly demonstrates the problem. 

Two short examples of *correct* behaviour first:

Example 1:
<form action="bug.php?age=12" method=post>
<input type=text size=32 name=sname>

The form sets age using url path and sname using post. I could use cookies for age but 
the example longer. The idea is to simultaneously use several different methods to 
pass the variables. Nothing unusual here.

track_vars and register_globals are both on so in bug.php
I have access to $HTTP_GET_VARS[age],$HTTP_POST_VARS[sname] and to $age, $sname. I 
have no $HTTP_GET_VARS[sname] and $HTTP_POST_VARS[age] and I should not. So far so 

Example 2:
let's try the following:

<form action="bug.php?sname=Pupkin" method=post>
<input type=text size=32 name=sname value='Collins'>

I use the same variable name in both requests.
Now I have $HTTP_GET_VARS[sname] == 'Pupkin' and $HTTP_POST_VARS[sname]='Collins' and 
that is also correct and that is how I can check what method was used to pass the 
variable (the global $sname value depends on variables_order of course)

Example 3: the bug

but let's put the variables into array:

<form action="bug?person[age]=12" method=post>
<input type=text size=32 name=person[sname]>

Now I expect to have $person[age],$person[$sname] in my global space and 
$HTTP_GET_VARS[person][age]... right?

The bug is that I also have both $HTTP_POST_VARS[person][age] and

$HTTP_GET_VARS[person][sname] defined...

Do you see the problem? person[age] has somehow propagated into $HTTP_POST_VARS while 
I had no person[age] in my post request... Now I have no way to find how that 
variable was passed to my script... If I have a person[id] defined in the cookie then I 
suddenly have also person[age] and person[sname] defined in HTTP_COOKIE_VARS and 
person[id] defined in both POST_VARS and GET_VARS!

Looks like a bug to me.
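
A per-source provenance check for the behaviour reported in Example 3, as an added example that is not part of the original report or of PHP itself. It is written for current PHP (type hints, $_GET/$_POST in place of $HTTP_*_VARS); the function names and the sample values are constructed for illustration.

```php
<?php
// Added example: detect request keys that appear in one source's array
// without being present in that source's raw bytes.

// Flatten a nested request array into "person[age]"-style paths.
function flatten_paths(array $vars, string $prefix = ''): array
{
    $paths = [];
    foreach ($vars as $key => $value) {
        $path = $prefix === '' ? (string) $key : $prefix . '[' . $key . ']';
        if (is_array($value)) {
            $paths = array_merge($paths, flatten_paths($value, $path));
        } else {
            $paths[] = $path;
        }
    }
    return $paths;
}

// Paths the runtime reported for a source that its raw data does not contain.
function leaked_paths(array $reported, string $raw): array
{
    parse_str($raw, $expected); // parse this source on its own, nothing merged in
    return array_values(
        array_diff(flatten_paths($reported), flatten_paths($expected))
    );
}

// Constructed input modelled on Example 3 of the report.
$rawQuery = 'person[age]=12';        // from the form's action URL
$rawBody  = 'person[sname]=Collins'; // urlencoded POST body (value constructed)

// The merged array the report describes seeing in every source (constructed).
$merged = ['person' => ['age' => '12', 'sname' => 'Collins']];

echo "POST keys not in the body:\n";
print_r(leaked_paths($merged, $rawBody));
echo "GET keys not in the query string:\n";
print_r(leaked_paths($merged, $rawQuery));

// In a live script the same check would compare the populated arrays
// against the raw request (urlencoded forms only, not multipart):
//   leaked_paths($_POST, file_get_contents('php://input'));
//   leaked_paths($_GET, $_SERVER['QUERY_STRING'] ?? '');
```

An empty result for both sources means each array holds only what its own request component carried, which is the behaviour Examples 1 and 2 describe as correct.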



