From:             [EMAIL PROTECTED]
Operating system: Linux (Mandrake 8.1)
PHP version:      4.0.6
PHP Bug Type:     Variables related
Bug description:  extract() can overwrite $GLOBALS within a function context

//I did this:
function test()
{
    $a = array("GLOBALS" => "nothing");
    extract($a);
    var_dump($GLOBALS);
}
test();
// The script will overwrite the $GLOBALS variable
// I did not want it to overwrite the $GLOBALS variable

// Then in the global scope, I did this:
$a = array("GLOBALS" => "nothing");
extract($a);
var_dump($GLOBALS);
//The script did not overwrite the $GLOBALS variable.
// It did what I wanted it to do.

Allowing the extract function to overwrite global variables within a
function can lead to serious security holes, particularly if URL
parameters are passed into a function that extracts them.  (And then if my
function still expects GLOBALS to be legit, it could be passed false
information.)

I suggest making extract unable to overwrite any global variables within a
function ($GLOBALS, and any variables declared global $x, etc.).  As a
second measure it might be good to make extract more conservative in
general by defaulting to EXTR_SKIP instead of EXTR_OVERWRITE.

I can, of course, fix my own code for the time being to avoid this problem
by using extract($params,EXTR_SKIP);  However, I think fixing the problem for
PHP as a whole would help others as well.

Thank you.  Keep up the excellent work!
Phil

-- 
Edit bug report at: http://bugs.php.net/?id=14425&edit=1
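
The report's concern is request parameters reaching extract() inside a function. As an added example that is not part of the original report, here is one way to combine the EXTR_SKIP workaround it mentions with an allow-list, so that reserved names never reach extract() at all. The helper names filter_for_extract() and handle_request() are hypothetical, the sample input is constructed, and the code assumes current PHP syntax rather than PHP 4.0.6.

```php
<?php
// Added illustration; filter_for_extract() and handle_request() are hypothetical names.

// Names extract() must never be allowed to create or shadow.
const RESERVED_NAMES = ['GLOBALS', 'this', '_GET', '_POST', '_COOKIE',
                        '_SERVER', '_ENV', '_FILES', '_REQUEST', '_SESSION'];

/**
 * Return only the entries of $input whose keys are on the caller's
 * allow-list, are not reserved, and are valid variable names.
 */
function filter_for_extract(array $input, array $allowed): array
{
    $out = [];
    foreach ($allowed as $name) {
        if (in_array($name, RESERVED_NAMES, true)) {
            continue; // an allow-list mistake must not re-open the hole
        }
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            continue; // not a usable variable name
        }
        if (array_key_exists($name, $input)) {
            $out[$name] = $input[$name];
        }
    }
    return $out;
}

function handle_request(array $params): array
{
    $is_admin = false; // local state that request data must not control
    // EXTR_SKIP, the workaround named in the report, keeps existing locals.
    extract(filter_for_extract($params, ['page', 'sort']), EXTR_SKIP);
    return [
        'page'           => isset($page) ? (int) $page : 1,
        'sort'           => isset($sort) ? (string) $sort : 'date',
        'is_admin'       => $is_admin,
        'globals_intact' => is_array($GLOBALS),
    ];
}

// Constructed sample input shaped like untrusted URL parameters.
$params = ['page' => '3', 'GLOBALS' => 'nothing', 'is_admin' => '1'];
var_dump(handle_request($params));
```

Because 'GLOBALS' and 'is_admin' are not on the allow-list, they are dropped before extract() runs, and 'sort' falls back to its default since the sample input does not supply it.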


-- 
PHP Development Mailing List <http://www.php.net/>