php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #43483 get_class_methods() does not list all visible methods.
Submitted: 2007-12-03 13:44 UTC Modified: 2008-02-21 15:14 UTC
From: robin_fernandes at uk dot ibm dot com Assigned: dmitry
Status: Closed Package: Class/Object related
PHP Version: 5.3CVS-2007-12-03 (snap) OS: Windows
Private report: No CVE-ID:
 [2007-12-03 13:44 UTC] robin_fernandes at uk dot ibm dot com
Description:
------------
get_class_methods() should list accessible private and protected methods if it is called from class scope (this is not stated explicitly in the doc, but is mentioned in Dmitry's comment to bug 32296).

However, the testcase below shows a situation where, at a given scope, a method is accessible yet not listed by get_class_methods().

Specifically, this occurs with protected methods accessed from a superclass scope.

Reproduced on php53 and php6 snaps on Windows.

Reproduce code:
---------------
<?php
class C {
	public static function test() {
		D::prot();
		var_dump(get_class_methods("D"));
	}
}
class D extends C {
	protected static function prot() {
		echo "Successfully called D::prot().\n";
	}
}
C::test();
?>

Expected result:
----------------
Successfully called D::prot().
array(2) {
  [0]=>
  string(4) "prot"
  [1]=>
  string(4) "test"
}

Actual result:
--------------
Successfully called D::prot().
array(1) {
  [0]=>
  string(4) "test"
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-12-03 13:46 UTC] robin_fernandes at uk dot ibm dot com
The standard get_method handler (which is used to retrieve a method before executing it) uses zend_check_protected() to verify whether a protected method is accessible.
zend_check_protected() returns true if the current scope is the same as, a child of OR a parent of the protected method's declaring class.

However, get_class_methods() implements its own algorithm to filter out non visible methods.
This algorithm excludes protected methods unless the current scope is an "instance of" the method's declaring class (so it is more restrictive than zend_check_protected()):
[...]
if ((mptr->common.fn_flags & ZEND_ACC_PUBLIC) 
 || (EG(scope) &&
     (((mptr->common.fn_flags & ZEND_ACC_PROTECTED) &&
       instanceof_function(EG(scope), mptr->common.scope TSRMLS_CC))
 || ((mptr->common.fn_flags & ZEND_ACC_PRIVATE) &&
       EG(scope) == mptr->common.scope)))) {
[...]
 [2008-02-02 14:02 UTC] msaraujo@php.net
I have reproduced the same issue on PHP 5.2.5 and PHP 5.3 (snapshot). There is patch here: http://jmcodex.com/patches/zend_builtin_functions.diff

But not sure if it is a bug itself due to lack of specifications on docs.



 [2008-02-21 15:14 UTC] dmitry@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Mon Apr 21 02:02:11 2014 UTC