php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #70088 is_callable() doesn't check if a class/method syntax is valid
Submitted: 2015-07-16 12:53 UTC Modified: 2015-07-16 15:59 UTC
From: olivier dot laviale at gmail dot com Assigned:
Status: Open Package: Variables related
PHP Version: 5.6.11 OS: MacOS, Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: olivier dot laviale at gmail dot com
New email:
PHP Version: OS:

 

 [2015-07-16 12:53 UTC] olivier dot laviale at gmail dot com 
Description:
------------
is_callable(), with _syntax_only_ activated, only checks the type of the argument, not the actual syntax. For example "+{^not&a*callable}" is considered a callable just because it is a string.

I saw this bug report: https://bugs.php.net/bug.php?id=64185&edit=2, and I get it for class names, but what about function/method names? "+{^not&a*callable}" is definitely not a callable, or the parameter "syntax_only" is incredibly misleading.

Test script:
---------------
var_dump(is_callable('+{^not&a*callable}', true, $callable_name));
var_dump($callable_name);
var_dump(is_callable(123, true));
var_dump(is_callable("123", true));
var_dump(is_callable([ "1", "2" ], true));

Expected result:
----------------
`"+{^not&a*callable}"` shouldn't be considred as a callable, neither should `[ "1", "2" ]`.

bool(false)
null
bool(false)
bool(false)
bool(false)

Actual result:
--------------
bool(true)
string(18) "+{^not&a*callable}"
bool(false)
bool(true)
bool(true)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-07-16 13:33 UTC] ab@php.net 
Maybe it could be improved if we check whether an object has __call() defined. But if it has __call() - there's no chance to know exactly what is callable, say this would work $obj->{"+{^not&a*callable}"}();. But I'd rather tend to say it is not a bug.

Thanks.
 [2015-07-16 13:50 UTC] olivier dot laviale at gmail dot com 
Yes, you can invoke methods with invalid names if __call() is implemented, I don't think it's right, but that's a fact. My point is that the following code should return `false`:

var_dump(is_callable('+{^not&a*callable}', true, $callable_name));

Unless '+{^not&a*callable}' is a valid function name.

Also, I strongly believe that "syntax_only" is misleading. This is not syntax check, this is type check: a string, or an array with two values.
 [2015-07-16 15:59 UTC] cmb@php.net
-Type: Bug +Type: Documentation Problem -Package: Scripting Engine problem +Package: Variables related
 [2015-07-16 15:59 UTC] cmb@php.net 
> Unless '+{^not&a*callable}' is a valid function name.

Well, this is a valid function name, e.g.

    $func = '+{^not&a*callable}';
    runkit_function_copy('strlen', $func);
    $func('foo'); // => 3
    is_callable($func, false); // => true
    
If is_callable($func, false) may return true, is_callable($func,
true) should never return false.

> Also, I strongly believe that "syntax_only" is misleading.

ACK. Therefore I'm changing to doc bug.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Mar 23 02:01:29 2025 UTC