Last modified: 2008-02-26 22:33:46 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T15139, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 13139 - Merging $_GET and $_POST with array_merge is a bad idea
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Component: General/Unknown
Version: 1.12.x
Hardware: PC Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: Nobody - You can work on this!
Depends on:
Blocks: 13074

Reported: 2008-02-24 23:39 UTC by BABE Louis Remi
Modified: 2008-02-26 22:33 UTC (History)
Description BABE Louis Remi 2008-02-24 23:39:56 UTC
Recently, the way we deal with REQUEST data has changed (see http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/WebRequest.php?r1=29192&r2=30882).
We no longer use $_REQUEST; instead we merge $_GET and $_POST with array_merge($_GET, $_POST), and $_POST overrides $_GET data which share the same keys (see http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/includes/WebRequest.php?annotate=30882#l53).
But the array_merge function has a side effect: purely numeric (not beginning with 0) keys of $_GET and $_POST are changed (see http://fr2.php.net/manual/en/function.array-merge.php)!
Despite the fact that numeric names are forbidden in HTML (see http://www.w3.org/TR/html4/types.html#type-cdata), people using them in extensions (for example) will get confused. Moreover, it breaks some backward compatibility, for example with the quiz extension (see https://bugzilla.wikimedia.org/show_bug.cgi?id=13074 and test this: http://en.wikiversity.org/wiki/User:McCormack/quiz_test).

Solutions are:
- simply changing $this->data = array_merge($_GET, $_POST); to $this->data = $_GET + $_POST; which should work as expected and doesn't seem to have any contraindication (once again, see http://fr2.php.net/manual/en/function.array-merge.php).
- checking both $_POST and $_GET for purely numeric keys and throwing an exception.


PS: I apologize for my poor English level.
Comment 1 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-02-24 23:52:06 UTC
CC'ing Brion, who committed r30882.
Comment 2 Brion Vibber 2008-02-26 22:33:46 UTC
Fixed in r31327. Replaced array_merge() with wfArrayMerge() which behaves in a sane fashion.

Gee, I wish we didn't have to reimplement half of PHP's standard library.
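
An added example (not part of the bug report and not MediaWiki's code) reproducing the key renumbering discussed in this report and comparing it with key-preserving merges. The sample arrays are constructed stand-ins for $_GET and $_POST, and `mergePreservingKeys` and `check` are hypothetical helpers, not wfArrayMerge().

```php
<?php
// Constructed sample input standing in for $_GET and $_POST.
// PHP stores a decimal-integer string key such as "7" as int 7;
// "07" stays a string key.
$get  = ['title' => 'Quiz', '7' => 'get-answer', '07' => 'kept'];
$post = ['7' => 'post-answer', '12' => 'other', 'title' => 'Quiz (POST)'];

// Hypothetical helper: later arrays win on key conflicts and
// integer keys are never renumbered.
function mergePreservingKeys(array ...$arrays): array
{
    $out = [];
    foreach ($arrays as $array) {
        foreach ($array as $key => $value) {
            $out[$key] = $value;
        }
    }
    return $out;
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
    echo "ok: $what\n";
}

// array_merge(): string keys are overwritten by later arrays, integer
// keys are appended and renumbered from 0, so key 7 disappears and both
// submitted values survive under new keys.
$merged = array_merge($get, $post);
check(!array_key_exists(7, $merged), 'array_merge drops key 7');
check($merged[0] === 'get-answer' && $merged[1] === 'post-answer',
    'array_merge renumbers both values for key 7');
check($merged['title'] === 'Quiz (POST)', 'array_merge: POST wins for string keys');

// Union operator: keys are kept, but the LEFT operand wins on conflicts.
check(($get + $post)[7] === 'get-answer', '$_GET + $_POST keeps key 7, GET wins');
check(($post + $get)[7] === 'post-answer', '$_POST + $_GET keeps key 7, POST wins');

// Key-preserving merge with the same precedence as the original code.
$safe = mergePreservingKeys($get, $post);
check($safe[7] === 'post-answer' && $safe[12] === 'other', 'helper keeps keys 7 and 12');
check($safe['title'] === 'Quiz (POST)' && $safe['07'] === 'kept', 'helper: POST wins, "07" kept');
```

Code that reads request parameters by numeric ID should be tested against whichever merge is in use, since a renumbered key silently attaches a submitted value to a different index.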
