|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #53109 htmlentities and htmlspecialchars problems with __toString
Submitted: 2010-10-20 08:36 UTC Modified: 2010-10-21 16:45 UTC
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: ibber_of_crew42 at hotmail dot com Assigned:
Status: Not a bug Package: Strings related
PHP Version: 5.2.14 OS: Irrelevant
Private report: No CVE-ID: None
 [2010-10-20 08:36 UTC] ibber_of_crew42 at hotmail dot com
When passing an instance of a class implementing __toString, as the first argument 
to htmlentities or htmlspecialchars, the object is apparently not always (maybe 
never?) cast to string before being pushed on the stack.
In some cases this will cause php to erronously output that the function requires 
parameter 2 to be long, unknown given. This seems to be an error from the 
underlying C function?
Sadly, I cannot provide a test script to reproduce the behaviour, but it should be 
easy enough to check whether my theory is correct.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-10-20 22:07 UTC]
-Status: Open +Status: Feedback
 [2010-10-20 22:07 UTC]
Thanks for your report.

However, I can't reproduce this with:

class A {
function __tostring() { return "aaa"; }

echo htmlspecialchars(new A());

Passing it to parameter 2, gives a message telling parameter 2 should be long, object given.

There's nothing out of the ordinary with the implementation of htmlentities/htmlspecialchars, so unless you have a way to reproduce this, I'll close it as bogus in the next few days.
 [2010-10-20 22:27 UTC]
By the way, your report sounds like there's some kind of memory corruption happening, so the problem is possibly something happening before the call to htmlentities. It would be great if you could reproduce this.
 [2010-10-21 07:44 UTC] ibber_of_crew42 at hotmail dot com
-Status: Feedback +Status: Open
 [2010-10-21 07:44 UTC] ibber_of_crew42 at hotmail dot com
Sadly, I cannot reproduce this. The circumstances under which I was able to 
produce it were very complicated.

As you mentioned it may have been provoked by some memory corruption occuring 
before the call. I repeatedly ran into the well known Segmentation Fault that 
the preg_-functions can produce, around the time this was occuring. It may be 
that the preg_-functions operating around the edge of seg faulting may actually 
corrupt their output?

Regarding the warning you are able to produce, by passing object as argument 
number 2: "htmlentities() expects parameter 2 to be long, object given". This 
must come from the underlying C function. PHP has no data type called long, as 
far as I know? That's a bug, right?

Either way, I'm fine with you closing this bug report. It should be a very rare 
 [2010-10-21 16:45 UTC]
-Status: Open +Status: Bogus
 [2010-10-21 16:45 UTC]
Without more information, this is impossible to fix. Right now, it could be anything.

If you find a way to reproduce this bug, please submit a new bug report with a test script.
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Thu Oct 22 12:01:25 2020 UTC