|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44031 vprint treats private object elements as array elements
Submitted: 2008-02-03 12:50 UTC Modified: 2020-12-21 22:02 UTC
Avg. Score:3.6 ± 0.9
Reproduced:5 of 6 (83.3%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: m dot beyer5 at gmx dot de Assigned: nikic (profile)
Status: Closed Package: *General Issues
PHP Version: 5.2.5 OS: Debian Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: m dot beyer5 at gmx dot de
New email:
PHP Version: OS:


 [2008-02-03 12:50 UTC] m dot beyer5 at gmx dot de
If an object is supplied instead of an array, v(s)printf takes the internal object elements as elements despite of its visibility.
This is not only quite annoying but could be a security issue as well.

Reproduce code:
class foo
    private $x = 1;
    private $y = 2;

$array = new foo;
vprintf('%s < %s',$array);

Expected result:
An E_WARNING should be triggered.
Alternatively, vprintf could take an object instantiating or extending ArrayObject and behave according to the objects functions.

Actual result:
vprintf prints:

1 < 2


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-17 18:28 UTC]
-Package: Feature/Change Request +Package: *General Issues
 [2015-05-17 18:28 UTC]
The behavior is not particularly related to vprinf(), but that is
rather how casting objects to arrays work in PHP, see
 [2016-02-21 12:40 UTC]
-Type: Feature/Change Request +Type: Bug
 [2016-02-21 12:40 UTC]
This is an artifact of vprintf not using zpp properly, it does manual argument handling instead and does it incorrectly.
 [2020-12-21 22:00 UTC] sji at sj-i dot dev
Cannot reproduce this on PHP 8.0.0 anymore.
 [2020-12-21 22:02 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2020-12-21 22:02 UTC]
Closing per above comment.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Jan 16 05:01:23 2021 UTC