|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44031 vprint treats private object elements as array elements
Submitted: 2008-02-03 12:50 UTC Modified: 2016-02-21 12:40 UTC
Avg. Score:3.7 ± 0.9
Reproduced:5 of 5 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: m dot beyer5 at gmx dot de Assigned:
Status: Open Package: *General Issues
PHP Version: 5.2.5 OS: Debian Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2008-02-03 12:50 UTC] m dot beyer5 at gmx dot de
If an object is supplied instead of an array, v(s)printf takes the internal object elements as elements despite of its visibility.
This is not only quite annoying but could be a security issue as well.

Reproduce code:
class foo
    private $x = 1;
    private $y = 2;

$array = new foo;
vprintf('%s < %s',$array);

Expected result:
An E_WARNING should be triggered.
Alternatively, vprintf could take an object instantiating or extending ArrayObject and behave according to the objects functions.

Actual result:
vprintf prints:

1 < 2


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-17 18:28 UTC]
-Package: Feature/Change Request +Package: *General Issues
 [2015-05-17 18:28 UTC]
The behavior is not particularly related to vprinf(), but that is
rather how casting objects to arrays work in PHP, see
 [2016-02-21 12:40 UTC]
-Type: Feature/Change Request +Type: Bug
 [2016-02-21 12:40 UTC]
This is an artifact of vprintf not using zpp properly, it does manual argument handling instead and does it incorrectly.
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sun Oct 25 08:01:24 2020 UTC