ID: 13961
Updated by: [email]iliaa@php.net[/email]
Reported By: lampa at fee dot vutbr dot cz
-Status: Verified
+Status: Bogus
Bug Type: Apache related
Operating System: any
PHP Version: 4CVS, 5CVS
Assigned To: derick
New Comment:

This is infact fixed php_register_variable() is actually a wrapper
around php_register_variable_safe() which always makes a copy of the
original before passing it to php_register_variable_ex().


Previous Comments:
------------------------------------------------------------------------

[2003-11-14 07:06:13] lampa at fee dot vutbr dot cz

Still not fixed in 4.3.4

------------------------------------------------------------------------

[2003-11-11 18:15:11] daniele at orlandi dot com

This bug is still present in php 4.3.4 and may be harmful since all the
BrowserMatch functionality to workaround browser bugs in Apache is
essentially disabled.

As a proof of concept i patched sapi/apache2handler/sapi_apache2.c
(apache2filter is probably affected too) and the problem went away.

Note that the patch may not be perfect as I don't know how Apache and
PHP work internally very well.

--- php-4.3.4/sapi/apache2handler/sapi_apache2.c 2003-10-02
05:24:43.000000000 +0200
+++ php-4.3.4-patched/sapi/apache2handler/sapi_apache2.c
2003-11-11 23:52:06.000000000 +0100
@@ -227,9 +227,14 @@
char *key, *val;
zval **path_translated_zv;

+ char *t;
+
APR_ARRAY_FOREACH_OPEN(arr, key, val)
if (!val) val = empty_string;
- php_register_variable(key, val, track_vars_array
TSRMLS_CC);
+
+ t = estrndup(key, strlen(key));
+ php_register_variable(t, val, track_vars_array
TSRMLS_CC);
+ efree(t);
APR_ARRAY_FOREACH_CLOSE()

------------------------------------------------------------------------

[2001-12-11 09:57:36] lampa at fee dot vutbr dot cz

Not fixed in 4.1.0. Why? To be clear, one call is neccessary:

for (i = 0; i < arr->nelts; i++) {
char *val,*key;

if (elts[i].val) {
val = elts[i].val;
} else {
val = empty_string;
}
key = estrdup(elts[i].key); /* HERE */
php_register_variable(key, val, track_vars_array
ELS_CC PLS_CC)
;
}


------------------------------------------------------------------------

[2001-11-07 04:33:03] [email]derick@php.net[/email]

This is not okay, PHP should not change the original key here.
Checking it out.

------------------------------------------------------------------------

[2001-11-07 01:56:30] lampa at fee dot vutbr dot cz

I don't think that FAQ solves that problem.
Look at the source code of Apache server. There
are several tests of the variable "force-response-1.0"
there. The problem is not that php code variable
is $force-response-1_0, that's OK, but the real
problem is that apache variable name in r->subprocess_env
is changed too. That's side effect and not pleasent.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
[url]http://bugs.php.net/13961[/url]

--
Edit this bug report at [url]http://bugs.php.net/?id=13961&edit=1[/url]