php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #59893 Spidermonkey able to access private vars
Submitted: 2011-08-16 08:05 UTC Modified: 2017-01-10 08:00 UTC
From: lior dot kuyer at gfk dot com Assigned:
Status: Suspended Package: spidermonkey (PECL)
PHP Version: 5.3.3 OS: SUSE Linux Enterprise Server 11
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: lior dot kuyer at gfk dot com
New email:
PHP Version: OS:

 

 [2011-08-16 08:05 UTC] lior dot kuyer at gfk dot com 
Description:
------------
After registering a class, spidermonkey is able to access and modify any private variables within that class. This is also the case then assigning an instantiated class to spidermonkey.
This problem only occurs for private variables, not for private functions.

Reproduce code:
---------------
class DummyClass() {
	private $privateVar = 'value of private var';
}

$js = new JSContext();
$js->registerClass('DummyClass');
echo "Content of private variable is: ";var_export($js->evaluateScript("dc = new DummyClass;dc.privateVar;"));



Expected result:
----------------
Content of private variable is: null

Actual result:
--------------
Content of private variable is: value of private var

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-10 08:00 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-01-10 08:00 UTC] kalle@php.net 
Suspending this report as the extension have not had a release for almost 5 years.  Please revive this if the extension once again shows life
 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved. 		Last updated: Fri Sep 22 07:01:24 2023 UTC