php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44031 vprint treats private object elements as array elements
Submitted: 2008-02-03 12:50 UTC Modified: 2016-02-21 12:40 UTC
Votes:6
Avg. Score:3.7 ± 0.9
Reproduced:5 of 5 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: m dot beyer5 at gmx dot de Assigned:
Status: Open Package: *General Issues
PHP Version: 5.2.5 OS: Debian Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: m dot beyer5 at gmx dot de
New email:
PHP Version: OS:

 

 [2008-02-03 12:50 UTC] m dot beyer5 at gmx dot de
Description:
------------
If an object is supplied instead of an array, v(s)printf takes the internal object elements as elements despite of its visibility.
This is not only quite annoying but could be a security issue as well.

Reproduce code:
---------------
class foo
{
    private $x = 1;
    private $y = 2;
    
}

$array = new foo;
vprintf('%s < %s',$array);

Expected result:
----------------
An E_WARNING should be triggered.
Alternatively, vprintf could take an object instantiating or extending ArrayObject and behave according to the objects functions.

Actual result:
--------------
vprintf prints:

1 < 2

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-17 18:28 UTC] cmb@php.net
-Package: Feature/Change Request +Package: *General Issues
 [2015-05-17 18:28 UTC] cmb@php.net
The behavior is not particularly related to vprinf(), but that is
rather how casting objects to arrays work in PHP, see
<http://3v4l.org/3R6QT>.
 [2016-02-21 12:40 UTC] nikic@php.net
-Type: Feature/Change Request +Type: Bug
 [2016-02-21 12:40 UTC] nikic@php.net
This is an artifact of vprintf not using zpp properly, it does manual argument handling instead and does it incorrectly.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 05:01:27 2019 UTC