PHP :: Bug #59893 :: Spidermonkey able to access private vars

Bug #59893	Spidermonkey able to access private vars
Submitted:	2011-08-16 08:05 UTC	Modified:	2017-01-10 08:00 UTC
From:	lior dot kuyer at gfk dot com	Assigned:
Status:	Suspended	Package:	spidermonkey (PECL)
PHP Version:	5.3.3	OS:	SUSE Linux Enterprise Server 11
Private report:	No	CVE-ID:	None

View Developer Edit

[2011-08-16 08:05 UTC] lior dot kuyer at gfk dot com

Description:
------------
After registering a class, spidermonkey is able to access and modify any private variables within that class. This is also the case then assigning an instantiated class to spidermonkey.
This problem only occurs for private variables, not for private functions.

Reproduce code:
---------------
class DummyClass() {
	private $privateVar = 'value of private var';
}

$js = new JSContext();
$js->registerClass('DummyClass');
echo "Content of private variable is: ";var_export($js->evaluateScript("dc = new DummyClass;dc.privateVar;"));



Expected result:
----------------
Content of private variable is: null

Actual result:
--------------
Content of private variable is: value of private var

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-01-10 08:00 UTC] kalle@php.net

-Status: Open +Status: Suspended

[2017-01-10 08:00 UTC] kalle@php.net

Suspending this report as the extension have not had a release for almost 5 years.  Please revive this if the extension once again shows life

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Oct 22 07:00:01 2025 UTC