|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #43483 get_class_methods() does not list all visible methods.
Submitted: 2007-12-03 13:44 UTC Modified: 2008-02-21 15:14 UTC
From: robin_fernandes at uk dot ibm dot com Assigned: dmitry (profile)
Status: Closed Package: Class/Object related
PHP Version: 5.3CVS-2007-12-03 (snap) OS: Windows
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: robin_fernandes at uk dot ibm dot com
New email:
PHP Version: OS:


 [2007-12-03 13:44 UTC] robin_fernandes at uk dot ibm dot com
get_class_methods() should list accessible private and protected methods if it is called from class scope (this is not stated explicitly in the doc, but is mentioned in Dmitry's comment to bug 32296).

However, the testcase below shows a situation where, at a given scope, a method is accessible yet not listed by get_class_methods().

Specifically, this occurs with protected methods accessed from a superclass scope.

Reproduced on php53 and php6 snaps on Windows.

Reproduce code:
class C {
	public static function test() {
class D extends C {
	protected static function prot() {
		echo "Successfully called D::prot().\n";

Expected result:
Successfully called D::prot().
array(2) {
  string(4) "prot"
  string(4) "test"

Actual result:
Successfully called D::prot().
array(1) {
  string(4) "test"


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2007-12-03 13:46 UTC] robin_fernandes at uk dot ibm dot com
The standard get_method handler (which is used to retrieve a method before executing it) uses zend_check_protected() to verify whether a protected method is accessible.
zend_check_protected() returns true if the current scope is the same as, a child of OR a parent of the protected method's declaring class.

However, get_class_methods() implements its own algorithm to filter out non visible methods.
This algorithm excludes protected methods unless the current scope is an "instance of" the method's declaring class (so it is more restrictive than zend_check_protected()):
if ((mptr->common.fn_flags & ZEND_ACC_PUBLIC) 
 || (EG(scope) &&
     (((mptr->common.fn_flags & ZEND_ACC_PROTECTED) &&
       instanceof_function(EG(scope), mptr->common.scope TSRMLS_CC))
 || ((mptr->common.fn_flags & ZEND_ACC_PRIVATE) &&
       EG(scope) == mptr->common.scope)))) {
 [2008-02-02 14:02 UTC]
I have reproduced the same issue on PHP 5.2.5 and PHP 5.3 (snapshot). There is patch here:

But not sure if it is a bug itself due to lack of specifications on docs.

 [2008-02-21 15:14 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Sep 19 04:01:27 2019 UTC