|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2004-03-05 03:37 UTC] derick@php.net
[2004-03-05 07:00 UTC] redeye at erisx dot de
[2004-03-05 07:06 UTC] derick@php.net
[2004-03-14 12:53 UTC] andi@php.net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Mon Apr 07 15:01:31 2025 UTC |
Description: ------------ Using call_user_func_array you are able to call a private or protected method of any object. I think this should not be allowed as it will lead to bad programming style as you could use this bug to access methods which should be hidden. Reproduce code: --------------- <?php class foo { function __construct () { $this->bar('1'); } private function bar ( $param ) { echo 'Called function foo:bar('.$param.');<br>'; } } $foo = new foo(); call_user_func_array( array( $foo , 'bar' ) , array( '2' ) ); $foo->bar('3'); ?> Expected result: ---------------- Called function foo:bar(1); Fatal error: Call to private method foo::bar() from context '' in /www/htdocs/bug.php on line 14 Actual result: -------------- Called function foo:bar(1); Called function foo:bar(2); Fatal error: Call to private method foo::bar() from context '' in /www/htdocs/bug.php on line 17