ID: 40586 Updated by: [EMAIL PROTECTED] Reported By: gk at gknw dot de -Status: Closed +Status: Open -Bug Type: Strings related +Bug Type: Documentation problem Operating System: at least NetWare, Win32 PHP Version: 4.4.x Assigned To: tony2001 New Comment:
I think we should document this instead, as changing it might cause security problems for people. Previous Comments: ------------------------------------------------------------------------ [2007-03-26 10:33:05] [EMAIL PROTECTED] This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. ------------------------------------------------------------------------ [2007-03-23 15:56:18] [EMAIL PROTECTED] This behavior is wrong. _gpc stands for GET, POST, COOKIE. ------------------------------------------------------------------------ [2007-02-21 20:30:40] gk at gknw dot de Description: ------------ With PHP 4.3.x and 4.4.x the _ENV superglobals get escaped if they contain backslahes and magic_quotes_gpc is on. This does happen with the Apache SAPI as well as with the CLI on commandline. When I getenv() same environment vars this doesnt happen. Also compared to PHP 5.2.x where this doesnt happen - regardless of the magic_quotes_gpc setting. I digged through the docu but couldnt find anything about this 'feature' mentioned with 4.x, nor the difference that it was dropped with 5.x. Expected result: ---------------- I think this 'feature' should be mentioned in the docu, and the difference between 4.x and 5.x behaviour, also because with 4.x magic_quotes_gpc is on by default. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=40586&edit=1
