|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #70088 is_callable() doesn't check if a class/method syntax is valid
Submitted: 2015-07-16 12:53 UTC Modified: 2015-07-16 15:59 UTC
From: olivier dot laviale at gmail dot com Assigned:
Status: Open Package: Variables related
PHP Version: 5.6.11 OS: MacOS, Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2015-07-16 12:53 UTC] olivier dot laviale at gmail dot com
is_callable(), with _syntax_only_ activated, only checks the type of the argument, not the actual syntax. For example "+{^not&a*callable}" is considered a callable just because it is a string.

I saw this bug report:, and I get it for class names, but what about function/method names? "+{^not&a*callable}" is definitely not a callable, or the parameter "syntax_only" is incredibly misleading.

Test script:
var_dump(is_callable('+{^not&a*callable}', true, $callable_name));
var_dump(is_callable(123, true));
var_dump(is_callable("123", true));
var_dump(is_callable([ "1", "2" ], true));

Expected result:
`"+{^not&a*callable}"` shouldn't be considred as a callable, neither should `[ "1", "2" ]`.


Actual result:
string(18) "+{^not&a*callable}"


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-07-16 13:33 UTC]
Maybe it could be improved if we check whether an object has __call() defined. But if it has __call() - there's no chance to know exactly what is callable, say this would work $obj->{"+{^not&a*callable}"}();. But I'd rather tend to say it is not a bug.

 [2015-07-16 13:50 UTC] olivier dot laviale at gmail dot com
Yes, you can invoke methods with invalid names if __call() is implemented, I don't think it's right, but that's a fact. My point is that the following code should return `false`:

var_dump(is_callable('+{^not&a*callable}', true, $callable_name));

Unless '+{^not&a*callable}' is a valid function name.

Also, I strongly believe that "syntax_only" is misleading. This is not syntax check, this is type check: a string, or an array with two values.
 [2015-07-16 15:59 UTC]
-Type: Bug +Type: Documentation Problem -Package: Scripting Engine problem +Package: Variables related
 [2015-07-16 15:59 UTC]
> Unless '+{^not&a*callable}' is a valid function name.

Well, this is a valid function name, e.g.

    $func = '+{^not&a*callable}';
    runkit_function_copy('strlen', $func);
    $func('foo'); // => 3
    is_callable($func, false); // => true
If is_callable($func, false) may return true, is_callable($func,
true) should never return false.

> Also, I strongly believe that "syntax_only" is misleading.

ACK. Therefore I'm changing to doc bug.
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun May 26 13:01:25 2019 UTC