PHP :: Bug #48665 :: class_alias allows impossible classes

Bug #48665	class_alias allows impossible classes
Submitted:	2009-06-23 16:29 UTC	Modified:	2009-06-23 16:40 UTC
From:	dams@php.net	Assigned:
Status:	Not a bug	Package:	Class/Object related
PHP Version:	5.3.0RC4	OS:	Mac OS X Server 10.5.6
Private report:	No	CVE-ID:	None

View Developer Edit

[2009-06-23 16:29 UTC] dams@php.net

Description:
------------
The original class is checked, but the checks a too lax on the alias 
itself. 

I suggest the alias's name should follow the same rules as the class 
itself.

Admittedly, the following may work in conjunction with the problem 
reported : 
<?php

class foo { }

var_dump(class_alias('foo', '$$$'));

$b = "$$$";
$a = new $b;
var_dump($a);
?>


Reproduce code:
---------------
<?php

class foo { }

var_dump(class_alias('foo', '999'));
var_dump(class_alias('foo', ''));
var_dump(class_alias('foo', true));
var_dump(class_alias('foo', false));
var_dump(class_alias('foo', null));
var_dump(class_alias('foo', '$$$'));
var_dump(class_alias('foo', ';;'));
var_dump(class_alias('foo', '"'));
var_dump(class_alias('foo', '::'));

?>


Expected result:
----------------
bool(false)
bool(false)
bool(false)
bool(false)
bool(false)
bool(false)
bool(false)
bool(false)
bool(false)


Actual result:
--------------
bool(true)
bool(true)
bool(true)
PHP Warning:  Cannot redeclare class  in /Users/alterway/bin/php-
5.3.0RC4/Zend/tests/- on line 8

Warning: Cannot redeclare class  in /Users/alterway/bin/php-
5.3.0RC4/Zend/tests/- on line 8
bool(false)
PHP Warning:  Cannot redeclare class  in /Users/alterway/bin/php-
5.3.0RC4/Zend/tests/- on line 9

Warning: Cannot redeclare class  in /Users/alterway/bin/php-
5.3.0RC4/Zend/tests/- on line 9
bool(false)
bool(true)
bool(true)
bool(true)
bool(true)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-06-23 16:40 UTC] johannes@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

That's kind of expected and is consistent with with stuff like define(), ${'what ever'} and others.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Oct 29 14:00:01 2025 UTC