From: phpbugreport at thedigitalnetwork dot com Operating system: Windows XP SP1 PHP version: 5CVS-2004-05-12 (dev) PHP Bug Type: Apache2 related Bug description: Backslashes no longer escaped in $_SERVER variables
Description: ------------ In PHP4.3.4, $_SERVER['HTTP_REFERER'], along with others like PATH, SystemRoot, COMSPEC and WINDIR, have any backslashes escaped. In PHP5RC2 & the current DEV (php5-win32-200405121430.zip) version, the items in $_SERVER are not escaped anymore. I could find no mention in the bug database or change logs, so I wondered if this was a change in the way Super Globals are handled, since $_SERVER is not part of "GPC"? Relevent INI settings: ---------------------- register_globals=Off register_argc_argv = Off gpc_order = "GPC" variables_order = "GPCS" magic_quotes_gpc = On magic_quotes_runtime = Off magic_quotes_sybase = Off ---------------------- Thanks for your assistance! Reproduce code: --------------- phpinfo(); Expected result: ---------------- Expect to see items in _SERVER with backslashes escaped: [HTTP_REFERER] => http://localhost/Browse.php?Category=\\Language%20Arts\\Reading\\Letter%20TV&Level=4 [PATH] => C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\Program Files\\Common Files\\GTK\\2.0\\bin [SystemRoot] => C:\\WINDOWS [COMSPEC] => C:\\WINDOWS\\system32\\cmd.exe Actual result: -------------- Unescaped backslashes: [HTTP_REFERER] => http://localhost/Browse.php?Category=\Language%20Arts\Reading\Letter%20TV&Level=4 [PATH] => C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\\TK\2.0\bin [SystemRoot] => C:\WINDOWS [COMSPEC] => C:\WINDOWS\system32\cmd.exe -- Edit bug report at http://bugs.php.net/?id=28373&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=28373&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=28373&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=28373&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=28373&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=28373&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=28373&r=needscript Try newer version: http://bugs.php.net/fix.php?id=28373&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=28373&r=support Expected behavior: http://bugs.php.net/fix.php?id=28373&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=28373&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=28373&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=28373&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=28373&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=28373&r=dst IIS Stability: http://bugs.php.net/fix.php?id=28373&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=28373&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=28373&r=float
