Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:14971
Return-Path: <sniper@iki.fi>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 57019 invoked by uid 1010); 15 Feb 2005 14:05:06 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 56874 invoked from network); 15 Feb 2005 14:05:04 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Feb 2005 14:05:04 -0000
X-Host-Fingerprint: 195.197.172.116 gw02.mail.saunalahti.fi Linux 2.4/2.6
Received: from ([195.197.172.116:51465] helo=gw02.mail.saunalahti.fi)
	by pb1.pair.com (ecelerity 1.2.11rc1 (r4431)) with SMTP
	id FD/1B-08075-09102124 for <internals@lists.php.net>; Tue, 15 Feb 2005 09:05:04 -0500
Received: from nest.netphobia.fi (YZCLXVIII.dsl.saunalahti.fi [85.76.34.69])
	by gw02.mail.saunalahti.fi (Postfix) with ESMTP id 9455EB81FA
	for <internals@lists.php.net>; Tue, 15 Feb 2005 13:39:05 +0200 (EET)
Received: from nest.netphobia.fi (nest.netphobia.fi [127.0.0.1])
	by nest.netphobia.fi (8.13.1/8.13.1) with ESMTP id j1FBd6kk001233
	for <internals@lists.php.net>; Tue, 15 Feb 2005 13:39:06 +0200
Received: from localhost (jani@localhost)
	by nest.netphobia.fi (8.13.1/8.13.1/Submit) with ESMTP id j1FBd4tY001230
	for <internals@lists.php.net>; Tue, 15 Feb 2005 13:39:06 +0200
X-Authentication-Warning: nest.netphobia.fi: jani owned process doing -bs
Date: Tue, 15 Feb 2005 13:39:04 +0200 (EET)
Reply-To: Jani Taskinen <sniper@iki.fi>
To: internals@lists.php.net
Message-ID: <Pine.LNX.4.61.0502151309350.22532@arfg.argcubovn.sv>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Subject: [PATCH] Fix for bug #31440 (GLOBALS can be by G/P/C when
	register_globals=On)
From: sniper@iki.fi (Jani Taskinen)


     Patch to fix is here:

         http://www.php.net/~jani/patches/bug31440.php_4_3_patch
         http://www.php.net/~jani/patches/bug31440.php_HEAD_patch

     In PHP_4_3 you can overwrite GLOBALS with these queries:

        ?GLOBALS[foo]=err or ?GLOBALS[]=foo or ?GLOBALS=foo

     In HEAD you can overwrite GLOBALS with this only:

        ?GLOBALS=foo

     I didn't investigate WHY that is the only type of query that
     "works" in HEAD branch but the same patch fixed that too.

     None of super-globals can be overwritten like this, be it
     register_globals On or Off.

     IMNSHO, GLOBALS should be "protected".
     (I don't say that this hacky patch of mine is the way, but it does the job :)

     --Jani