NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1

View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0016882phplist applicationCommand Linepublic20-09-13 16:1626-09-13 15:09
PlatformCentOSOSlinuxOS Version5.3
Product Version3.0.2 
Target Version3.0.XFixed in Version3.0.4 
Summary0016882: cli break

function parseCline()
$GLOBALS["argv"] must be replaced with $_SERVER["argv"]
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
michiel (manager)
20-09-13 18:04

not necessarily. [^]
overload (reporter)
20-09-13 18:52

in my configuration $GLOBALS["argv"] is empty... I don't know where it is overwritten
michiel (manager)
20-09-13 19:54

can you give more arguments for this change? For example argv is being removed from PHP from version X onwards?

I guess it could include some detection of register_argc_argv and give an error or warning when it is not enabled. [^]
duncanc (developer)
20-09-13 22:59
edited on: 20-09-13 23:52

I have seen this problem a few times when trying to get cron jobs working.
In those cases php cli was running with register_globals on instead of the cli default of off.

The workaround that I use is to add an option to the command,
 -d register_globals=0

It is not clear to me, from the php documentation, why register_globals should affect argc and argv.

michiel (manager)
21-09-13 04:20

Ah, that might be the "unregister_globals" kicking in. For security, if register globals is on, they are all unregistered. But of a workaround for a major PHP insecurity, which I think is no longer valid, or at least is on the list to be obsoleted.

make sure register_globals is off
register-argc-argv is on

overload, can you verify this is the case, and the cause of this issue?
overload (reporter)
21-09-13 15:16

Sorry, I'm new to mantis...

Yes: the case is "register_globals is on" and the function unregister_GLOBALS() set $GLOBALS["argv"] to null

on line 21 (admin/index.php) $_SERVER['argv'] is used, so could be used also in the function parseCline() to avoid problems even if register_globals is on.

In cli use, it is not necessary to unregister_GLOBALS(), because there are no security problems (imho)
michiel (manager)
22-09-13 04:03

yes, I agree on CLI the unregister globals can be avoided. But at the same time, it is now (and has been for quite a few years) generally considered a bad thing to have register globals on, and it's advisable to switch it off.

Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker