Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:28722
Return-Path: <arpad@rajeczy.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 44539 invoked by uid 1010); 9 Apr 2007 13:41:17 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 44524 invoked from network); 9 Apr 2007 13:41:17 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 9 Apr 2007 13:41:17 -0000
Authentication-Results: pb1.pair.com header.from=arpad@rajeczy.com; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=arpad@rajeczy.com; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain rajeczy.com from 195.188.213.5 cause and error)
X-PHP-List-Original-Sender: arpad@rajeczy.com
X-Host-Fingerprint: 195.188.213.5 smtp-out2.blueyonder.co.uk Linux 2.5 (sometimes 2.4) (4)
Received: from [195.188.213.5] ([195.188.213.5:46121] helo=smtp-out2.blueyonder.co.uk)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 19/D9-01624-B724A164 for <internals@lists.php.net>; Mon, 09 Apr 2007 09:41:16 -0400
Received: from [172.23.170.146] (helo=anti-virus03-09)
	by smtp-out2.blueyonder.co.uk with smtp (Exim 4.52)
	id 1Hau7N-0004xo-38
	for internals@lists.php.net; Mon, 09 Apr 2007 14:41:13 +0100
Received: from [82.35.52.45] (helo=[192.168.123.132])
	by asmtp-out3.blueyonder.co.uk with esmtp (Exim 4.52)
	id 1Hau7M-0000sB-Fq
	for internals@lists.php.net; Mon, 09 Apr 2007 14:41:12 +0100
Message-ID: <461A4278.8070706@rajeczy.com>
Date: Mon, 09 Apr 2007 14:41:12 +0100
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To:  internals@lists.php.net
References: <4617A86C.3030007@rajeczy.com>
In-Reply-To: <4617A86C.3030007@rajeczy.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] magic_quotes_gpc behaviour
From: arpad@rajeczy.com (Arpad Ray)

Arpad Ray wrote:
> So, is this behaviour deliberate, and if so, what's the rationale?
>

The problem seems to be in (5.2.x CVS) php_variables.c, lines 161-166:

                if (PG(magic_quotes_gpc) && (index != var)) {
                    /* no need to addslashes() the index if it's the 
main variable name */
                    escaped_index = php_addslashes(index, index_len, 
&index_len, 0 TSRMLS_CC);
                } else {
                    escaped_index = index;
                }

If "&& (index != var)" is removed, all keys are escaped as expected. The 
equivalent line for keys of scalar variables (198) lacks this check 
since 5.0.0, and since then it has escaped them correctly. It's still 
there in the 4.4 branch.

Is there any reason not to remove this check, at least in the 5.2 branch?

Arpad