PHP :: Bug #16064 :: array_merge_recursive() can be used for DoS

 [2002-03-14 09:23 UTC] sander@php.net

I'm sure you can come up with a load of nasty things you can do with $GLOBALS, but what do you want us to do about it? Disable $GLOBALS for use with array_* functions (it that's even possible)? Disable $GLOBALS at all?

 [2002-03-14 09:30 UTC] ahristov at icygen dot com

I have talked to Zeev about this issues. Asked them may I have to fill bug report and he said:
"They should either use hash_apply(), which automatically protects against 
recursion, or implement the recursion protection themselves (like print_r() 
does).  You can/should open bug reports about them..."
In the start Zeev talks about some functions that have problems with $GLOBALS and arrays that holds elements pointing ot itself.

 [2002-03-14 09:31 UTC] ahristov at icygen dot com

streplace('them','him',$previous_vote);

 [2002-05-16 16:24 UTC] tomat at lenderlabdot dot com

Your second example isn't like the first.  $a[0] is a reference to itself.  The first bonks because $GLOBALS['GLOBALS'] is a reference to $GLOBALS.  An equivalent is:
<?php
$a=array(1,2,3);
$a[3]=&$a;
array_merge_recursive($a,$a);
var_dump($a);
?>
which will produce the same results.  I'm submitting a feature request for array_recurse_safe($array) which returns an array with no infinite loops.

 [2002-09-10 13:36 UTC] andrei@php.net

This bug has been fixed in CVS.
In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
Thank you for the report, and for helping us make PHP better.