ID: 14425
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Bogus
Bug Type: Variables related
Operating System: Linux (Mandrake 8.1)
PHP Version: 4.0.6

New Comment:

RTFM: http://www.php.net/manual/en/function.extract.php
"If extract_type is not specified, it is assumed to be EXTR_OVERWRITE."

Previous Comments:
------------------------------------------------------------------------

[2001-12-11 09:22:33] [EMAIL PROTECTED]

Similarly, this bug is also found in class methods.

<?php
class a {
    function test() {
        $a = array("this" => "nothing", "GLOBALS" => "nothing");
        extract($a);
        var_dump($this);
        var_dump($GLOBALS);
    }
}
$a = new a();
$a->test();
// Both $this and $GLOBALS are overwritten by extract.
// I would have hoped that would not have happened.

------------------------------------------------------------------------

[2001-12-11 08:55:15] [EMAIL PROTECTED]

<?php
// I did this:
function test() {
    $a = array("GLOBALS" => "nothing");
    extract($a);
    var_dump($GLOBALS);
}
test();
// The script will overwrite the $GLOBALS variable.
// I did not want it to overwrite the $GLOBALS variable.

// Then in the global scope, I did this:
$a = array("GLOBALS" => "nothing");
extract($a);
var_dump($GLOBALS);
// The script did not overwrite the $GLOBALS variable.
// It did what I wanted it to do.

Allowing the extract function to overwrite global variables within a function can lead to serious security holes. Particularly if URL parameters are passed into a function that extracts them. (And then if my function still expects GLOBALS to be legit, it could be passed false information.)

I suggest making extract unable to overwrite any global variables within a function ($GLOBALS, and any variables declared global $x, etc.). As a second measure it might be good to make extract more conservative in general by defaulting to EXTR_SKIP instead of EXTR_OVERWRITE.

I can, of course, fix my own code for the time being to avoid this problem by using extract($params, EXTR_SKIP); however, I think fixing the problem for PHP as a whole would help others as well.

Thank you. Keep up the excellent work!
Phil
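The risk the reporter describes (URL parameters fed to extract() inside a function that still trusts its own variables), as an added example that is not part of this bug thread: a function-local flag is clobbered under the default EXTR_OVERWRITE, beside the EXTR_SKIP fix the reporter mentions and, going one step beyond the report, EXTR_PREFIX_ALL. The array standing in for URL parameters, the variable names and the function names are constructed for illustration; it assumes PHP 7 or later for the type declarations.

```php
<?php
// Constructed stand-in for URL parameters such as $_GET: every key is
// chosen by the requester, including ones that collide with local variables.
$params = ['page' => 'home', 'is_admin' => '1'];

// Vulnerable: extract() defaults to EXTR_OVERWRITE, so the caller's
// 'is_admin' key replaces the function's own trust decision.
function render_unsafe(array $params): string
{
    $is_admin = false;           // decided by the application, not the request
    extract($params);            // $is_admin is now the string '1' (truthy)
    return $is_admin ? 'admin view' : 'user view';
}

// Hardened as the reporter did: EXTR_SKIP leaves any variable that already
// exists in the function scope untouched, so only new names are created.
function render_skip(array $params): string
{
    $is_admin = false;
    extract($params, EXTR_SKIP); // 'is_admin' is ignored, 'page' is created
    return $is_admin ? 'admin view' : 'user view';
}

// Stricter still: EXTR_PREFIX_ALL puts every key under a fixed prefix, so
// request data can never share a name with a local variable at all.
function render_prefixed(array $params): string
{
    $is_admin = false;
    extract($params, EXTR_PREFIX_ALL, 'req'); // keys become $req_page, $req_is_admin
    $page = $req_page ?? 'home';
    return $is_admin ? 'admin view' : "user view: $page";
}

var_dump(render_unsafe($params));   // overwritten: reports the admin view
var_dump(render_skip($params));     // local flag preserved
var_dump(render_prefixed($params)); // local flag preserved, page read via $req_page
```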