Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:74703 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 58622 invoked from network); 3 Jun 2014 07:46:23 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 3 Jun 2014 07:46:23 -0000 Authentication-Results: pb1.pair.com smtp.mail=tyra3l@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=tyra3l@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.51 as permitted sender) X-PHP-List-Original-Sender: tyra3l@gmail.com X-Host-Fingerprint: 209.85.216.51 mail-qa0-f51.google.com Received: from [209.85.216.51] ([209.85.216.51:51715] helo=mail-qa0-f51.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id CA/60-56479-D4D7D835 for ; Tue, 03 Jun 2014 03:46:22 -0400 Received: by mail-qa0-f51.google.com with SMTP id w8so4265057qac.24 for ; Tue, 03 Jun 2014 00:46:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Dn3W2dBd9hTP6+CAKFkJ4cjPjH+rrDIazbZbjP3g6tA=; b=P+qA8fJdJ9UmhIHPKlPNMUz5O5cyXd4Sb3WzdJXVtkZlaRA3a09o9so/b6pFbruMcS UscpO6koKlJIXfMWq4ycHSf563lwv0p9rXqyt/W7PfY+tmaNBHUuWXuYIXip8072ZFGp K3oAcSD1fnLDzAai5EtTcwBZdWwNY5+yJ+WSn+LGTBkcm5kP//oUPY9J0wZhfFa5NGGK WyzueRUMWdQc2MQtGh92YpG4fi8/hfRrxiW5Puu/rjYUbI6pPtNAtbSkH8BGYBqfZpg5 jb4X94kNZKXVk6quSrON4oJZgHKPQpcW5CGRADP0hmSumx5GhFwThzhLMGOvpfNKYbTh 1rbw== MIME-Version: 1.0 X-Received: by 10.140.91.161 with SMTP id z30mr52480665qgd.65.1401781579371; Tue, 03 Jun 2014 00:46:19 -0700 (PDT) Received: by 10.140.17.77 with HTTP; Tue, 3 Jun 2014 00:46:19 -0700 (PDT) In-Reply-To: <537E65B6.3060205@gmail.com> References: <537E65B6.3060205@gmail.com> Date: Tue, 3 Jun 2014 09:46:19 +0200 Message-ID: To: Gary Mort Cc: internals Content-Type: multipart/alternative; boundary=001a113a84d2175d1904fae9b572 Subject: Re: [PHP-DEV] filter_input and auto_globals_jit From: tyra3l@gmail.com (Ferenc Kovacs) --001a113a84d2175d1904fae9b572 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Thu, May 22, 2014 at 11:01 PM, Gary Mort wrote: > Here is an oddity which I'm not sure how this is supposed to work. > > If you have auto_globals_jit enables then not only are super global > variables not initialized unless they are called, the underlying data > storage for the original data[used by filter_input] will not be populated= . > > As I read filter.c, there seems to be a weird schism on how it deals with > this. > https://github.com/php/php-src/blob/master/ext/filter/filter.c#L526 > > For INPUT_SERVER and INPUT_ENV it seems as if filter will make sure to > initialize the data, example: > if (PG(auto_globals_jit)) { > zend_is_auto_global("_SERVER", > sizeof("_SERVER")-1 TSRMLS_CC); > } > > For INPUT_POST, INPUT_GET, and INPUT_COOKIE however there is no safety ne= t. > > For example, with Just in Time: > test.php?var=3Dtest > > $before =3D filter_input(INPUT_GET); // $before =3D null > $var =3D $_GET('test'); // $var =3D 'test' > $after =3D filter_input(INPUT_GET); // $after =3D 'test' > > > So the question is, is this by design? In which case I'll update the > docs. Or is this an oversight? In which case I'll open a bug and submit= a > patch. > > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > could you fill a bug at https://bugs.php.net/ ? --=20 Ferenc Kov=C3=A1cs @Tyr43l - http://tyrael.hu --001a113a84d2175d1904fae9b572--