View Issue Details

IDProjectCategoryView StatusLast Update
0016882phpList 3 applicationCommand Linepublic26-09-13 15:09
Reporteroverload Assigned To 
Status resolvedResolutionfixed 
PlatformCentOSOSlinuxOS Version5.3
Product Version3.0.2 
Target Version3.0.XFixed in Version3.0.4 
Summary0016882: cli break

function parseCline()
$GLOBALS["argv"] must be replaced with $_SERVER["argv"]
TagsNo tags attached.



20-09-13 18:04

administrator   ~0052271

not necessarily.


20-09-13 18:52

reporter   ~0052272

in my configuration $GLOBALS["argv"] is empty... I don't know where it is overwritten


20-09-13 19:54

administrator   ~0052273

can you give more arguments for this change? For example argv is being removed from PHP from version X onwards?

I guess it could include some detection of register_argc_argv and give an error or warning when it is not enabled.


20-09-13 22:59

updater   ~0052274

Last edited: 20-09-13 23:52

View 2 revisions

I have seen this problem a few times when trying to get cron jobs working.
In those cases php cli was running with register_globals on instead of the cli default of off.

The workaround that I use is to add an option to the command,
 -d register_globals=0

It is not clear to me, from the php documentation, why register_globals should affect argc and argv.


21-09-13 04:20

administrator   ~0052275

Ah, that might be the "unregister_globals" kicking in. For security, if register globals is on, they are all unregistered. But of a workaround for a major PHP insecurity, which I think is no longer valid, or at least is on the list to be obsoleted.

make sure register_globals is off
register-argc-argv is on

overload, can you verify this is the case, and the cause of this issue?


21-09-13 15:16

reporter   ~0052277

Sorry, I'm new to mantis...

Yes: the case is "register_globals is on" and the function unregister_GLOBALS() set $GLOBALS["argv"] to null

on line 21 (admin/index.php) $_SERVER['argv'] is used, so could be used also in the function parseCline() to avoid problems even if register_globals is on.

In cli use, it is not necessary to unregister_GLOBALS(), because there are no security problems (imho)


22-09-13 04:03

administrator   ~0052281

yes, I agree on CLI the unregister globals can be avoided. But at the same time, it is now (and has been for quite a few years) generally considered a bad thing to have register globals on, and it's advisable to switch it off.