From: [EMAIL PROTECTED] Operating system: Linux (Mandrake 8.1) PHP version: 4.0.6 PHP Bug Type: Variables related Bug description: extract() can overwrite $GLOBALS within a function context
//I did this: function test() { $a=array("GLOBALS"=>"nothing"); extract($a); var_dump($GLOBALS); } test(); // The script will overwrite the $GLOBALS variable // I did not want it to overwrite the $GLOBALS variable // Then in the global scope, I did this:$a=array("GLOBALS"=>"nothing"); extract($a); var_dump($GLOBALS); //The script did not overwrite the $GLOBALS variable. // It did what I wanted it to do. By allowing the extract function to overwrite global variables within a function can lead to serious security holes. Particularily if URL parameters are passed into a function that extracts them. (And then if my function still expects GLOBALS to be legit, it could be passed false information.) I suggest making extract unable to overwrite any global variables within a function. ($GLOBALS, and any variables declared global $x, etc..) As a second measure it might be good to make extract more conservative in general by defaulting to EXTR_SKIP instead of EXTR_OVERWRITE I can, of course, fix my own code for the time being to avoid this problem by using extract($params,EXTR_SKIP); However I think fixing the problem for PHP as a whole would help others as well. Thank you. Keep up the excellent work! Phil -- Edit bug report at: http://bugs.php.net/?id=14425&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]