PHP function altering passed parameter before processing

I'm debugging someone's formmail script. It's using a variable which is not passed to the script from the form, and which is never set to any value. The $sort variable is first referenced in the following code, prior to which $sort has not been defined or set to any value ($list has also not been previously referenced or set to any value):

    
// sort alphabetic or prepare an order
if ($sort == "alphabetic") {
   uksort($HTTP_POST_VARS, "strnatcasecmp");
} elseif ((ereg('^order:.*,.*', $sort)) && ($list = explode(',', ereg_replace('^order:', '', $sort)))) {
   $sort = $list;
}

Open in new window


Then $sort, as far as I can tell still set to nothing, gets passed to a function:
$content = parse_form($HTTP_POST_VARS, $sort);

Open in new window


The function description starts like this:
function parse_form($array, $sort = "") {

Open in new window

and then later on in the function there is this:
if (is_array($sort)) {
   foreach ($sort as $field) {

Open in new window

Is the function really setting the $sort field to null on the way in? And then accessing the null variable as an array? The headers for the email get written and sent, but none of the form fields get sent, and I suspect this strange processing of $sort is why.

Thanks,
Lissa
TheGrlGeekAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

XzKtoCommented:
It is better to use '===' condition where you can, '==' can give unexpected result, for example
if(0=='aaaa'){
   echo 'Equal.';
}

Open in new window

will output 'Equal.'.

I recomment to put
var_dump($sort);

Open in new window

before each operation with $sort and look what it will show.  You should put die() after
if (is_array($sort)) {
   foreach ($sort as $field) {

Open in new window

so that there will be no more output after our test output.
0
Chris StanyonWebDevCommented:
Any chance of seeing the whole script?
0
TheGrlGeekAuthor Commented:
Thanks, XzKto, I'll look into that tomorrow.

Chris, it's possible, I'll ask the client Monday.
0
Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and  exploring the core foundations for app libraries.

TheGrlGeekAuthor Commented:
As I suspected the $sort is NULL everywhere. This version of the script has some var_dumps in it. Those are the only things I added. formmail2.php
0
TheGrlGeekAuthor Commented:
Hey y'all, $sort really is NULL, but that wasn't the problem. The programmer had used $HTTP_POST_VARS in the script instead of $_POST, and $HTTP_POST_VARS has been deprecated, and the PHP version on the server has been upgraded to 5. So the script wasn't picking up the form variables at all.

Thanks for the suggestion to add the var_dumps, XzKto.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Chris StanyonWebDevCommented:
Having had a quick look at the script, I would suggest upgrading to a later version of a formmail script.

Without going through it line-for-line, it looks like it relying on REGISTER_GLOBALS to be turned on in PHP. The default used to be for this to be turned on, but nowadays PHP turns this off by default.

You script is simply checking to see if a variable called 'sort' is set, and if it is, use it. With REGISTER_GLOBALS turned on, this variable would have been available from the POSTed FORM - something like this:

<input type="hidden" name="sort" value="alphabetic"/>

With REGISTER_GLOBALS turned off, you would have to access this variable like so:

$_POST['sort']

You could try turning REGISTER_GLOBALS on (which isn't recommended) or upgrade your script to one that gets it's info from the $POST array.

0
TheGrlGeekAuthor Commented:
The solution was not exactly related to the question, but the Experts gave me techniques to figure it out.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.