php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #65357 get_object_vars behavior changed unexpected after version upgrade from php 5.3
Submitted: 2013-07-30 09:40 UTC Modified: 2016-11-19 17:39 UTC
From: phpbugreport at darkaura dot de Assigned:
Status: Wont fix Package: Reflection related
PHP Version: 5.4.17 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2013-07-30 09:40 UTC] phpbugreport at darkaura dot de 
Description:
------------
---
From manual page: http://www.php.net/function.get-object-vars
---

get_object_vars exposes more than it should if you wrap it in a closure.

Not only $this but every variable pointing to the object the closure is in is put 
in a state where the prototected and private variables can be read.

Test script:
---------------
<?php 
class Example 
{ 
    public $publicSetting = 'public'; 
    protected $protectedSetting = 'protected'; 
    private $privateSetting = 'private'; 
    
    public function showEverything() 
    { 
        return get_object_vars($this); 
    } 
    
    public function showMyPublicsOnly() 
    { 
        $analyse = function($object) { 
            return get_object_vars($object); 
        }; 
        return $analyse($object); 
    } 
}

$example = new Example();

Expected result:
----------------
$example->showMyPublicsOnly() //Outputs array('publicSetting' => 'public');

Actual result:
--------------
//PHP 5.3
$example->showMyPublicsOnly() //Outputs array('publicSetting' => 'public');

//PHP 5.4 and up
$example->showMyPublicsOnly() //Outputs array('publicSetting' => 'public', 
'protectedSetting' => 'protected', 'privateSetting' => 'private');

This change is not mentioned on the manual page.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-07-30 09:43 UTC] phpbugreport at darkaura dot de 
in the example the line should be:

return $analyse($this);
 [2013-07-30 11:14 UTC] johannes@php.net 
This is a effect of making $this available in closures. This example might be added to the documentation.
 [2013-07-30 11:16 UTC] johannes@php.net
-Type: Bug +Type: Documentation Problem
 [2013-08-13 11:07 UTC] phpbugreport at darkaura dot de 
Servus Johannes,
I mildly disagree in this not beeing at least a reduction of features.

There was an easy way to get only the publics of an object from inside that object (ask an object for its publics) that no longer exists.
Now you have to use the full reflections of the object which is slower or instanciate "something" else that is a real class with a name that then calls get_object_vars instead of something that dont has a name.

A other solution would be to have an additional parameter for get_object_vars() that is somehow telling the function what scope to use to analyse the object given.

best reg4rds
 [2016-11-19 17:39 UTC] nikic@php.net
-Status: Open +Status: Wont fix
 [2016-11-19 17:39 UTC] nikic@php.net 
You can restore the previous behavior using a static closure. Static closures are documented at http://php.net/manual/en/functions.anonymous.php#functions.anonymous-functions.static.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Apr 24 20:01:32 2024 UTC