PHP :: Bug #77327 :: '0' == true, if on the right and stored as variable

Bug #77327	'0' == true, if on the right and stored as variable
Submitted:	2018-12-20 18:29 UTC	Modified:	2018-12-20 18:36 UTC
From:	pegasus at vaultwiki dot org	Assigned:
Status:	Not a bug	Package:	*General Issues
PHP Version:	7.2Git-2018-12-20 (Git)	OS:	Centos 7
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	pegasus at vaultwiki dot org
New email:
PHP Version:		OS:

New Comment:

[2018-12-20 18:29 UTC] pegasus at vaultwiki dot org

Description:
------------
I recently noticed a behavior change in an application running on my web site where configuration values in the application that were disabled were being treated like they were still enabled. The application stores disabled values as '0' strings and relies on PHP's implicit conversion (bool)'0' to false.

I have reduced the test cases and it seems to be related to whether there is a truthy value to the left of the '0' in an AND expression, and the evaluation is being stored in a variable.

Depending on the way an application uses such an expression, this can have far-reaching implications for security and the integrity of the application data.

Discovered on 7.2.11 (although I noticed the behavior for quite some versions before that), and confirmed still occurring on Git branch 7.2 as of 12/20/18.

Test script:
---------------
// basic tests
var_dump(true AND '0'); // correctly returns false

$test = true AND '0';
var_dump($test); // returns true, should be false

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2018-12-20 18:34 UTC] Wes dot example at example dot org

I'm not sure if there's more but the operator precedence is not what you think it is

$test = true AND '0';

is equal to

($test = true) AND '0';

not

$test = (true AND '0');

https://3v4l.org/cZF7G

[2018-12-20 18:36 UTC] nikic@php.net

-Status: Open +Status: Not a bug

[2018-12-20 18:36 UTC] nikic@php.net

Not a bug, per previous comment. Use || / && instead of or / and unless you are *specifically* looking for the different precedence behavior.

[2018-12-20 18:52 UTC] pegasus at vaultwiki dot org

Thanks. Did not realize that the lefty precedence crossed = 
I will forward the issue to the appropriate teams responsible for the affected application.

[2021-09-18 00:41 UTC] gib-o-master at mail dot ru

if ('0') {echo 'never happen';}

but

if ([0]) {echo 'always happen';}

this is called inconsistency,
languages like JS/Python does not have

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 14:01:32 2024 UTC