From: tim at zero-interactive dot com Operating system: Win2K Pro PHP version: 4.3.2 PHP Bug Type: Variables related Bug description: Strange $_GET/$_POST Behaviour
Description: ------------ I'm pretty sure this is wrong, feel free to correct me if it is. Basically if you POST form data from a form that has its action set to "upload.php?action=add", you get both _GET and _POST data accessible to your script. It "seems" that the $_GET arrays is not respecting the HTTP headers sent by the browser and is getting its data by blindly parsing the url. Shouldn't it first check the headers sent to see if it was sent with the GET method? Reproduce code: --------------- The headers that my browser sent are as follows: http://192.168.4.105:8080/gallery/upload.php?action=add POST /gallery/upload.php?action=add HTTP/1.1 Host: 192.168.4.105:8080 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate,compress;q=0.9 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://192.168.4.105:8080/gallery/upload.php Content-Type: multipart/form-data; boundary=---------------------------265001916915724 Content-Length: 1588 -----------------------------265001916915724 Content-Disposition: form-data; name="category" 2 -----------------------------265001916915724 Content-Disposition: form-data; name="photo_filename[]"; filename="" Content-Type: application/octet-stream -----------------------------265001916915724 Content-Disposition: form-data; name="photo_caption[]" -----------------------------265001916915724 Content-Disposition: form-data; name="photo_filename[]"; filename="" Content-Type: application/octet-stream -----------------------------265001916915724 Content-Disposition: form-data; name="photo_caption[]" -----------------------------265001916915724 Content-Disposition: form-data; name="photo_filename[]"; filename="" Content-Type: application/octet-stream -----------------------------265001916915724 Content-Disposition: form-data; name="photo_caption[]" -----------------------------265001916915724 Content-Disposition: form-data; name="photo_filename[]"; filename="" Content-Type: application/octet-stream -----------------------------265001916915724 Content-Disposition: form-data; name="photo_caption[]" -----------------------------265001916915724 Content-Disposition: form-data; name="photo_filename[]"; filename="" Content-Type: application/octet-stream -----------------------------265001916915724 Content-Disposition: form-data; name="photo_caption[]" -----------------------------265001916915724 Content-Disposition: form-data; name="addPhotos" Add Photos -----------------------------265001916915724-- HTTP/1.x 200 OK Date: Mon, 25 Aug 2003 05:14:35 GMT Server: Apache/2.0.44 (Win32) PHP/4.3.0 Accept-Ranges: bytes X-Powered-By: PHP/4.3.0 Transfer-Encoding: chunked Content-Type: text/html; charset=ISO-8859-1 ---------------------------------------------------------- Expected result: ---------------- I would have expected to get the action variable from parsing the url of the script rather than through the $_GET array. Seeing as only a POST HTTP header was sent and not a GET HTTP header, I wouldn't have expected to see anything at all in the $_GET array and definitely not a combination of both in $_REQUEST. The result of a print_r on $_GET, $_POST and $_REQUEST should be as follows: $_GET ----- Array ( ) $_POST ------ Array ( [category] => 2 [photo_caption] => Array ( [0] => [1] => [2] => [3] => [4] => ) [addPhotos] => Add Photos ) $_REQUEST --------- Array ( [category] => 2 [photo_caption] => Array ( [0] => [1] => [2] => [3] => [4] => ) [addPhotos] => Add Photos ) Actual result: -------------- The result that I ot back was this: $_GET ----- Array ( [action] => add ) $_POST ------ Array ( [category] => 2 [photo_caption] => Array ( [0] => [1] => [2] => [3] => [4] => ) [addPhotos] => Add Photos ) $_REQUEST --------- Array ( [action] => add [category] => 2 [photo_caption] => Array ( [0] => [1] => [2] => [3] => [4] => ) [addPhotos] => Add Photos ) -- Edit bug report at http://bugs.php.net/?id=25231&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=25231&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=25231&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=25231&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=25231&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=25231&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=25231&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=25231&r=support Expected behavior: http://bugs.php.net/fix.php?id=25231&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=25231&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=25231&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=25231&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25231&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=25231&r=dst IIS Stability: http://bugs.php.net/fix.php?id=25231&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=25231&r=gnused
