php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #65357 get_object_vars behavior changed unexpected after version upgrade from php 5.3
Submitted: 2013-07-30 09:40 UTC Modified: 2016-11-19 17:39 UTC
From: phpbugreport at darkaura dot de Assigned:
Status: Wont fix Package: Reflection related
PHP Version: 5.4.17 OS:
Private report: No CVE-ID: None
 [2013-07-30 09:40 UTC] phpbugreport at darkaura dot de
Description:
------------
---
From manual page: http://www.php.net/function.get-object-vars
---

get_object_vars exposes more than it should if you wrap it in a closure.

Not only $this but every variable pointing to the object the closure is in is put 
in a state where the prototected and private variables can be read.

Test script:
---------------
<?php 
class Example 
{ 
    public $publicSetting = 'public'; 
    protected $protectedSetting = 'protected'; 
    private $privateSetting = 'private'; 
    
    public function showEverything() 
    { 
        return get_object_vars($this); 
    } 
    
    public function showMyPublicsOnly() 
    { 
        $analyse = function($object) { 
            return get_object_vars($object); 
        }; 
        return $analyse($object); 
    } 
}

$example = new Example();

Expected result:
----------------
$example->showMyPublicsOnly() //Outputs array('publicSetting' => 'public');

Actual result:
--------------
//PHP 5.3
$example->showMyPublicsOnly() //Outputs array('publicSetting' => 'public');

//PHP 5.4 and up
$example->showMyPublicsOnly() //Outputs array('publicSetting' => 'public', 
'protectedSetting' => 'protected', 'privateSetting' => 'private');

This change is not mentioned on the manual page.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-07-30 09:43 UTC] phpbugreport at darkaura dot de
in the example the line should be:

return $analyse($this);
 [2013-07-30 11:14 UTC] johannes@php.net
This is a effect of making $this available in closures. This example might be added to the documentation.
 [2013-07-30 11:16 UTC] johannes@php.net
-Type: Bug +Type: Documentation Problem
 [2013-08-13 11:07 UTC] phpbugreport at darkaura dot de
Servus Johannes,
I mildly disagree in this not beeing at least a reduction of features.

There was an easy way to get only the publics of an object from inside that object (ask an object for its publics) that no longer exists.
Now you have to use the full reflections of the object which is slower or instanciate "something" else that is a real class with a name that then calls get_object_vars instead of something that dont has a name.

A other solution would be to have an additional parameter for get_object_vars() that is somehow telling the function what scope to use to analyse the object given.

best reg4rds
 [2016-11-19 17:39 UTC] nikic@php.net
-Status: Open +Status: Wont fix
 [2016-11-19 17:39 UTC] nikic@php.net
You can restore the previous behavior using a static closure. Static closures are documented at http://php.net/manual/en/functions.anonymous.php#functions.anonymous-functions.static.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 13:01:30 2024 UTC