Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:14987
Return-Path: <andi@zend.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 24358 invoked by uid 1010); 15 Feb 2005 21:09:53 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 24342 invoked from network); 15 Feb 2005 21:09:53 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Feb 2005 21:09:53 -0000
X-Host-Fingerprint: 80.74.107.235 mail.zend.com Linux 2.5 (sometimes 2.4) (4)
Received: from ([80.74.107.235:43050] helo=mail.zend.com)
	by pb1.pair.com (ecelerity 1.2 (r4437)) with SMTP
	id FD/96-55914-C1562124 for <internals@lists.php.net>; Tue, 15 Feb 2005 16:09:52 -0500
Received: (qmail 14634 invoked from network); 15 Feb 2005 21:03:04 -0000
Received: from localhost (HELO andi-notebook.zend.com) (127.0.0.1)
	by localhost with SMTP; 15 Feb 2005 21:03:04 -0000
Message-ID: <5.1.0.14.2.20050215130230.02146780@localhost>
X-Sender: andi@localhost
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 15 Feb 2005 13:03:01 -0800
To: Jani Taskinen <sniper@iki.fi>,internals@lists.php.net
In-Reply-To: <Pine.LNX.4.61.0502151309350.22532@arfg.argcubovn.sv>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Subject: Re: [PHP-DEV] [PATCH] Fix for bug #31440 (GLOBALS can be by
	G/P/C when register_globals=On)
From: andi@zend.com (Andi Gutmans)
References: <Pine.LNX.4.61.0502151309350.22532@arfg.argcubovn.sv>

Jani,

Thanks for bringing this up. Will look into this.

Andi

At 01:39 PM 2/15/2005 +0200, Jani Taskinen wrote:

>     Patch to fix is here:
>
>         http://www.php.net/~jani/patches/bug31440.php_4_3_patch
>         http://www.php.net/~jani/patches/bug31440.php_HEAD_patch
>
>     In PHP_4_3 you can overwrite GLOBALS with these queries:
>
>        ?GLOBALS[foo]=err or ?GLOBALS[]=foo or ?GLOBALS=foo
>
>     In HEAD you can overwrite GLOBALS with this only:
>
>        ?GLOBALS=foo
>
>     I didn't investigate WHY that is the only type of query that
>     "works" in HEAD branch but the same patch fixed that too.
>
>     None of super-globals can be overwritten like this, be it
>     register_globals On or Off.
>
>     IMNSHO, GLOBALS should be "protected".
>     (I don't say that this hacky patch of mine is the way, but it does 
> the job :)
>
>     --Jani
>
>--
>PHP Internals - PHP Runtime Development Mailing List
>To unsubscribe, visit: http://www.php.net/unsub.php