php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #45937 array_walk and array_walk_recursive can alter private/protected object variable
Submitted: 2008-08-27 16:05 UTC Modified: 2008-08-29 03:13 UTC
From: skarab at versus-clash dot com Assigned: felipe (profile)
Status: Closed Package: Arrays related
PHP Version: 5.2.6 OS: Linux 2.6 / Windows XP
Private report: No CVE-ID: None
View Developer Edit
 [2008-08-27 16:05 UTC] skarab at versus-clash dot com 
Description:
------------
array_walk and array_walk_recursive can alter private and protected object / class variables outside the scope of the object / class.

Reproduce code:
---------------
class Some_Class
{
    public $public = 'public string';
    protected $_protected = 'protected string';
    private $_private = 'private string';
}

function some_function(&$item, $key)
{
    $item = 'public access';
}

$Somme_Class = new Some_Class();
array_walk($Somme_Class, 'some_function');
echo '<pre>' . print_r($Somme_Class, true) . '</pre>';

$Another_Class = new Some_Class();
array_walk_recursive($Another_Class, 'some_function');
echo '<pre>' . print_r($Another_Class, true) . '</pre>';

Expected result:
----------------
Some_Class Object
(
    [public] => public access
    [_protected:protected] => protected string
    [_private:private] => protected string
)

Some_Class Object
(
    [public] => public access
    [_protected:protected] => protected string
    [_private:private] => private string
)

or an error message like : 
Fatal error: Cannot access protected property Some_Class::$_protected
or 
Warning: array_walk() expects parameter 1 to be array, object given

Actual result:
--------------
Some_Class Object
(
    [public] => public access
    [_protected:protected] => public access
    [_private:private] => public access
)

Some_Class Object
(
    [public] => public access
    [_protected:protected] => public access
    [_private:private] => public access
)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-08-29 03:13 UTC] felipe@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in 5_3 and HEAD. Now it works only with arrays.


Thanks.
 [2012-03-14 15:03 UTC] shurph at gmail dot com 
In php 5.3.5 this problem enabled, too.

Details about environment:
PHP Version 5.3.5-1ubuntu7.7 with the Suhosin Patch 0.9.10
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
    with Xdebug v2.1.0, Copyright (c) 2002-2010, by Derick Rethans

Ubuntu 10.04
Linux localhost 2.6.38-13-generic-pae #56-Ubuntu SMP Tue Feb 14 14:32:30 UTC 2012 i686
 [2015-07-23 08:54 UTC] ricardo dot seromenho at gmail dot com 
Hi. 

This is still happening, at least on PHP Version => 5.5.12


Test case
---------
class A
{
    private $b = 5;
}

function walking_objects(&$value) {
    if (is_object($value)) {
        array_walk_recursive($value, "walking_objects");
    } else {
        $value = 20;
    }
};

$a = array(new A(), 1, "c");
array_walk_recursive($a, "walking_objects");

print_r($a);

Expected Result:
Array
(
    [0] => A Object
        (
            [b:A:private] => 5
        )

    [1] => 20
    [2] => 20
)
or an exception. (but this result would be fine)

Actual Result:
Array
(
    [0] => A Object
        (
            [b:A:private] => 20
        )

    [1] => 20
    [2] => 20
)
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri May 09 05:01:27 2025 UTC