
Phosphorus and Lime

A Developer's Broadsheet

This blog has been deprecated. Please visit my new blog at klenwell.com/press.
PHP: SESSION array bug clarified
First posted on this here. I hastily posted some code there that summarizes the problem but doesn't actually reproduce it. The following code in fact reproduces it:

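<?php

session_start();

// First request: seed the session, then redirect so the next request
// starts with $_SESSION['ARRAY'] already populated.
if ( empty($_SESSION['is_reloaded']) )
{
    $_SESSION['is_reloaded'] = 1;
    $_SESSION['ARRAY'] = array( 1, 2, 3, 4 );
    session_write_close();
    header("Location: {$_SERVER['PHP_SELF']}");
    exit; // stop here; the check below belongs to the reloaded request
}

// An unrelated global that merely shares its name with the session key.
$ARRAY = array( 'new', 'values' );

// With register_globals on, $ARRAY aliases $_SESSION['ARRAY'], so the
// assignment above has overwritten the session data.
if ( $_SESSION['ARRAY'][0] != 1 ) echo "you've been victimized by the PHP4 array namespace bug";
else { echo "bug not detected"; }

?>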


An online demo can be seen here:

http://westerndep.com/code/phparraybugtest.php

This is a really critical issue for me in choosing a host for some of my projects.

NOTE: just found this on the PHP bug site:

http://bugs.php.net/bug.php?id=36366

The developer's response:

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Turn off register_globals if you don't want this behaviour.


I have followed the instructions on php.net and turned off register_globals using an .htaccess file (the site notes that you can't use ini_set to turn it off at runtime). I also tried this method. Nevertheless, I am still getting the error.

Correction: the .htaccess file appears to have fixed the problem. I had to restart my browser, however, before I could detect the change.
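
The aliasing behind this behaviour can be reproduced on a current PHP, where register_globals no longer exists (it was removed in PHP 5.4), by creating the reference explicitly. This is an added example, not code from the original post: run_page() and register_globals_enabled() are hypothetical helpers, the session contents are constructed, and the reference binding is an assumed model of what register_globals sets up at session_start().

```php
<?php
// Added example: run_page() and register_globals_enabled() are hypothetical
// helpers written for this illustration; the session data is constructed.

// True only when the runtime still has register_globals and it is switched on.
// ini_get() returns false for a directive the runtime does not know.
function register_globals_enabled()
{
    $value = strtolower(trim((string) ini_get('register_globals')));
    return in_array($value, array('1', 'on', 'true', 'yes'));
}

// Startup guard: fail closed instead of letting globals alias session data.
// On Apache with mod_php the setting is turned off in .htaccess with:
//     php_flag register_globals off
if (register_globals_enabled()) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('register_globals is on; refusing to run');
}

// Stand-in for one page request. $session plays the role of $_SESSION and the
// function body plays the role of the page's global scope.
function run_page(&$session, $registerGlobals)
{
    if ($registerGlobals) {
        // Assumed model of what session_start() sets up under register_globals:
        // a variable named after the session key, bound by reference to it.
        $ARRAY =& $session['ARRAY'];
    }
    $ARRAY = array('new', 'values');   // the page's own, unrelated variable
    return $session['ARRAY'];          // what the session now holds
}

$session = array('ARRAY' => array(1, 2, 3, 4));
$withoutAlias = run_page($session, false);

$session = array('ARRAY' => array(1, 2, 3, 4));
$withAlias = run_page($session, true);

echo 'register_globals off: ', implode(',', $withoutAlias), "\n";
echo 'register_globals on:  ', implode(',', $withAlias), "\n";
```

Because the overwritten array is saved back into the session, a browser that still holds the old session cookie keeps seeing the clobbered values after the setting is changed.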

This site was quite helpful for me in solving this problem:

http://www.nyphp.org/phundamentals/ini.php

I'd also like to thank Jeff Petersen at Myriad Network for his assistance in sorting this out.
For what it's worth, I posted a comment on the php.net page on sessions:

php.net