|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2012-12-26 12:33 UTC] spaghetti dot coder dot ru at gmail dot com
Description: ------------ --- From manual page: http://www.php.net/language.variables.basics --- It's still possible to create a variable violation the [a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]* rule Test script: --------------- <?php // $*noWay = ''; // PHP Parse error: parse error, expecting `T_VARIABLE' or `'$'' in php shell code on line 1 $hackIt = '*iAmASiPointer!!!'; $$hackIt = 'Howdy'; echo $$hackIt; echo "\n"; var_dump(get_defined_vars()); Expected result: ---------------- $$hackIt = 'Howdy'; line was supposed to trigger a PHP Parse error Actual result: -------------- Outputs: Howdy array(10) { ... ["hackIt"]=> string(17) "*iAmASiPointer!!!" ["*iAmASiPointer!!!"]=> string(4) "Howdy" } PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Tue Oct 28 18:00:01 2025 UTC |
In the same manner we can damage $this variable in a class php > class MyClass { php { public function __construct() { php { // ${'this'} = 'broken'; // will give us a fatal error php { $breakThis = 'this'; php { $$breakThis = 'broken'; // but this will serve fine php { var_dump($this); php { } php { } php > new MyClass(); string(6) "broken"