php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #63854 PHP 5.3.15
Submitted: 2012-12-26 12:33 UTC Modified: 2013-01-08 03:04 UTC
From: spaghetti dot coder dot ru at gmail dot com Assigned:
Status: Wont fix Package: Documentation problem
PHP Version: 5.3Git-2012-12-26 (Git) OS: OS X 1.7.5, Win 7
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2012-12-26 12:33 UTC] spaghetti dot coder dot ru at gmail dot com
Description:
------------
---
From manual page: http://www.php.net/language.variables.basics
---
It's still possible to create a variable violation the [a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]* rule

Test script:
---------------
<?php
// $*noWay = ''; // PHP Parse error:  parse error, expecting `T_VARIABLE' or `'$'' in php shell code on line 1
$hackIt = '*iAmASiPointer!!!';
$$hackIt = 'Howdy';
echo $$hackIt;
echo "\n";
var_dump(get_defined_vars());


Expected result:
----------------
$$hackIt = 'Howdy'; line was supposed to trigger a PHP Parse error

Actual result:
--------------
Outputs:
Howdy
array(10) {
  ...
  ["hackIt"]=>
  string(17) "*iAmASiPointer!!!"
  ["*iAmASiPointer!!!"]=>
  string(4) "Howdy"
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-12-26 14:35 UTC] spaghetti dot coder dot ru at gmail dot com
In the same manner we can damage $this variable in a class

php > class MyClass {
php {     public function __construct() {
php {         // ${'this'} = 'broken'; // will give us a fatal error
php {         $breakThis = 'this';
php {         $$breakThis = 'broken'; // but this will serve fine
php {         var_dump($this);
php {     }
php { }
php > new MyClass();
string(6) "broken"
 [2013-01-08 03:04 UTC] aharvey@php.net
The regex given really only refers to the permitted characters in direct variable tokens ($foo) — you can always do things via indirect methods such as variable variables and $GLOBALS that don't conform to that.
 [2013-01-08 03:04 UTC] aharvey@php.net
-Status: Open +Status: Wont fix -Type: Bug +Type: Documentation Problem
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun May 19 14:01:32 2024 UTC