PHP :: Bug #21820 :: [CRITICAL] "$arr['foo']" generates bogus E

Bug #21820

[CRITICAL] "$arr['foo']" generates bogus E_NOTICE, bc break

Submitted:

2003-01-22 09:19 UTC

Modified:

2003-04-25 05:15 UTC

Votes:	2
Avg. Score:	4.5 ± 0.5
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	0 (0.0%)

From:

george at omniti dot com

Assigned:

Status:

Closed

Package:

Scripting Engine problem

PHP Version:

4.3.2-RC1

OS:

Private report:

CVE-ID:

None

View Developer Edit

[2003-01-22 09:19 UTC] george at omniti dot com

I don't think this is a bug, but someone sent it to me via 
email, so I'm proxy-submitting:

Hello George-

I stumbled upon a serious bug in the string parser and it
goes something like this:

  $arr = array('foo' => 'bar');
  print "$arr['foo']";

This used to provide a parse error but now instead we get
this one of level E_NOTICE:

Notice: Undefined index:  'foo' in /tmp/a.php on line 4
/tmp/a.php(4) : Notice - Undefined index:  'foo'

This is a serious problem as it moved an error from
parse to E_NOTICE, fails silently as most have error
reporting turned down, shows a misleading error as foo
is defined, and breaks BC.

Tested latest 4_3 HEAD (4.3.1-dev).  I would try php5
but I get segfault when trying to compile/use it :)

Have a nice day,
Philip Olson

cc: derick

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-01-22 13:25 UTC] george at omniti dot com

patch up at http://www2.omniti.com/~george/
zend.patch.2002012101

patch allows for "$arr['foo']" to be parsed correctly (this 
seems better than disallowing it)

[2003-01-22 13:43 UTC] philip@php.net

Allowing it would be nice but this topic has come up many times.  Not sure why it's not been implemented though, maybe there are reasons?  I forget them.

One feature request for this:
http://bugs.php.net/bug.php?id=15677

[2003-01-22 13:45 UTC] george at omniti dot com

this patch fixes that feature request/bug as well

[2003-01-22 13:56 UTC] philip@php.net

Point was, maybe there is a reason this was not implemented.

And btw, this is a bug as 'foo' is defined yet the error says it's not.

[2003-01-22 19:53 UTC] sniper@php.net

Anyone remember in what version of PHP this did work? :)
Correct (?) way to do this is:

<?php

 $arr = array('foo' => 'bar');
 print "{$arr['foo']}";

?>

Or at least I've started to use that just because of this bug.

[2003-01-22 20:28 UTC] george at omniti dot com

This bug appeared in 4.3.0 as a result of the lexer changes 
added to ZE1 and ZE2 in november to speed up 
variableinterpolation in strings.  

Previous to 4.3 this was valid:

echo "$a[b]";
but 
echo "$a['b']"; generated a parse error.

The bug manifests itself by turning this parse error into a 
non-sensical E_NOTICE error.

The patch 'fixes' the bug by making 

echo "$a['b']";

work, which has been a pending feature request and seems 
nice (to me), or at least harmless.

[2003-02-13 12:52 UTC] philip@php.net

Marking as critical.  This is a serious bug as it's subtle and confuses newbies, especially when they/we try to use autoglobals in strings.  This bug fix really needs to make it into 4.3.1

[2003-02-13 13:04 UTC] gschlossnagle@php.net

I still maintain that the patch I posted is the right way 
to solve the problem.

$a['b'] is the 'correct' way to access an associative array 
outside of a quoted section, it should at least be allowed 
inside double quotes.  This encourages consisitency within 
the language.

[2003-02-25 04:50 UTC] sniper@php.net

Stig's reply on the mailing list:

Take consistency further, and you wonder should "'a'" === "a"?
No, so why should "$foo['a']" === "$foo[a]"?
The index is already quoted, it's inside the string.
The syntax we're talking about here is supposed to be 
straightforward and simple, and for any kind of tricks we 
recommend the "{$foo['a']}" syntax. IMHO this would bloat the syntax beyond straightforward.

--------

Thus we better keep it like it is now -> wont fix.

[2003-03-13 14:05 UTC] philip@php.net

This still provides a bogus E_NOTICE, which is the bug.  The feature request of "$arr['foo']" working is #15677 not #21820

To simply fix the bug, 4.3.2 should provide a parse error just like 4.2.3 does.

A/the discussion took place on the zend2 mailing list, which can be seen around here:

http://www.zend.com/lists/engine2/200302/maillist.html

Thread title: "[Zend Engine 2] fix for bug 21820"

[2003-04-23 02:34 UTC] sniper@php.net

It's been couple of weeks (almost :) since Andi promised
to fix this..maybe this will wake him up..

[2003-04-25 01:14 UTC] sniper@php.net

de-assign. :)

[2003-04-25 05:15 UTC] sniper@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

[2003-07-08 19:39 UTC] coda at bobandgeorge dot com

Argh; I was relying on the way that worked before, and when my server admin upgraded to 4.3.2, all my scripts stopped working. >_<

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 16:01:28 2024 UTC