On 11/1/05, Jakub Vrana <[EMAIL PROTECTED]> wrote:
> Hello!
>
> E_NOTICE warns of uninitialized variables but doesn't warn of adding
> elements to an uninitialized array ($a[] = 5). It is a very similar
> problem, so E_NOTICE should warn of it as well.
>
> It's the same bad practice as working with uninitialized variables,
> with the same security risks, and IMHO the programmer should be warned
> of it.
>
> There is a bug regarding this topic marked as bogus by Iliia:
> http://bugs.php.net/bug.php?id=28151
>
> Is the current behavior really expected and wanted?
>
> Jakub Vrana
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
This was brought up about 2 months ago with the additional point that a
notice here can alert one to possible script injections that can occur
when register_globals is on. A simplistic example:

    $auth['user'] = 'foo';
    $auth['pass'] = 'bar';
    if ($_REQUEST['user'] == $auth['user'] && $_REQUEST['pass'] == $auth['pass']) {
        // Do something that requires authentication
    }

Which is exploitable when register_globals is on by
script.php?auth=123&user=b&pass=b
(http://www.colder.ch/news/09-09-2005/4/another-example-showing-t.html)

Of course register_globals should be off, but many hosts still stupidly
turn it on by default. Most* other code that is susceptible to
register_globals vulnerabilities will generate an E_NOTICE, which helps
guard against silly mistakes of forgetting to initialize global
variables, at least.

This particular issue was brought up a year or two back when Sara
submitted a patch to add the notice, which was discussed and rejected,
though the interaction with register_globals wasn't mentioned.

While I'd personally like an E_NOTICE here, I'm an outsider without any
karma, so I am just presenting some of the background on the issue.

* Of course it's possible to get rid of the notice while retaining the
register_globals vulnerability by using
isset($globalvar) ? $globalvar : ''
but there's an E_NOTICE in the normal cases.

- Sharif
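For reference, here is the hardened form of the snippet Sharif posts above, written as an added example rather than code from the thread or from PHP itself. It shows the one statement an E_NOTICE on the first `$auth['user'] = ...` would have prompted (explicit initialization of the array), plus a bootstrap check against register_globals via ini_get(). The credentials and the request parameter names are constructed placeholders, and the code assumes PHP 5-era semantics where register_globals still exists.

```php
<?php
// Added example (not from the thread): hardened version of the $auth snippet.
// Assumes PHP 5-era semantics; credential values are constructed placeholders.

// Refuse to run at all if register_globals is on. ini_get() is the standard
// way to inspect the setting at runtime; several applications of the period
// performed a check like this during bootstrap.
if (ini_get('register_globals')) {
    trigger_error('register_globals is on; refusing to run', E_USER_ERROR);
}

// Explicit initialization: after this line $auth holds exactly the keys we
// assign below, regardless of anything register_globals (or a stray earlier
// assignment) left in the global namespace. Without it, the first
// "$auth['user'] = ..." below silently extends whatever $auth already was,
// which is the missing-notice case the thread is about.
$auth = array();
$auth['user'] = 'foo';
$auth['pass'] = 'bar';

// Read request parameters through isset() so a missing one yields a known
// empty string instead of an uninitialized-index notice, and cast to string
// so the comparison below is string-to-string.
$user = isset($_REQUEST['user']) ? (string) $_REQUEST['user'] : '';
$pass = isset($_REQUEST['pass']) ? (string) $_REQUEST['pass'] : '';

// Strict comparison: === rules out the loose-comparison surprises of ==.
if ($user === $auth['user'] && $pass === $auth['pass']) {
    // Do something that requires authentication
}
```

The key line is `$auth = array();`: with it present, a request parameter named `auth` has nothing to influence, because the array is rebuilt from scratch before it is consulted. The ini_get() check is belt-and-braces for hosts that, as Sharif notes, still ship with register_globals on.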