php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #74545 Casting arrays to objects allows creation of attributes that start with \0
Submitted: 2017-05-05 08:58 UTC Modified: 2021-11-08 18:26 UTC
Votes:5
Avg. Score:4.2 ± 1.0
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:1 (25.0%)
From: daniil at daniil dot it Assigned:
Status: Verified Package: Class/Object related
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
28 + 22 = ?
Subscribe to this entry?

 
 [2017-05-05 08:58 UTC] daniil at daniil dot it 
Description:
------------
Similar to #67300.
Due to the reasons described in http://stackoverflow.com/a/5484777, we cannot read or write to/from class attributes with names that start with \0 (chr(0) or the null char).

But casting arrays with keys that start with \0 to objects does not throw any kind of error or exception.

If the resulting object is var_dumped, Illegal member variable name notices are emitted.
The same happens if we iterate over the object using foreach.
If we try to access any of such properties directly, we get a fatal error with message "Cannot access property started with '\0'".

But, if we reconvert the object back to an array using get_object_vars or an array cast, the values can still be read.


Test script:
---------------
<?php
$object = (object)[chr(0).'a' => 'a', chr(0) => 'b'];

var_dump($object);

echo "\nenum properties:\n";
foreach ($object as $p => $v) {
    var_export($p);
}

echo "\nget value under key chr(0) with get_object_vars()\n";
var_dump(get_object_vars($object)[chr(0)]);
echo "\nget value under key chr(0).'a' with get_object_vars()\n";
var_dump(get_object_vars($object)[chr(0).'a']);

echo "\nget value under key chr(0) with array cast\n";
var_dump(((array)$object)[chr(0)]);
echo "\nget value under key chr(0).'a' with array cast\n";
var_dump(((array)$object)[chr(0).'a']);

echo "\nget value under key chr(0) directly\n";
var_dump($object->{chr(0)}); // FATAL ERROR

Expected result:
----------------
A fatal error while casting such arrays, or, if possible, removal of the code that prevents accessing properties that start with \0.

Actual result:
--------------
object(stdClass)#1 (2) {
PHP Notice:  Illegal member variable name in /home/pwrtelegram/aaa.php on line 4
  ["a"]=>
  string(1) "c"
PHP Notice:  Illegal member variable name in /home/pwrtelegram/aaa.php on line 4
  [""]=>
  string(1) "b"
}

enum properties:
PHP Notice:  Illegal member variable name in /home/pwrtelegram/aaa.php on line 7
PHP Notice:  Illegal member variable name in /home/pwrtelegram/aaa.php on line 7

get value under key chr(0) with get_object_vars()
string(1) "b"

get value under key chr(0).'a' with get_object_vars()
string(1) "c"

get value under key chr(0) with array cast
string(1) "b"

get value under key chr(0).'a' with array cast
string(1) "c"

get value under key chr(0) directly
PHP Fatal error:  Uncaught Error: Cannot access property started with '\0' in /home/pwrtelegram/aaa.php:22
Stack trace:
#0 {main}
  thrown in /home/pwrtelegram/aaa.php on line 22

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-05-05 12:12 UTC] daniil at daniil dot it 
Whoops, the object cast is actually
$object = (object)[chr(0).'a' => 'c', chr(0) => 'b'];
 [2021-11-08 18:26 UTC] cmb@php.net
-Status: Open +Status: Verified -Type: Bug +Type: Documentation Problem
 [2021-11-08 18:26 UTC] cmb@php.net 
> But casting arrays with keys that start with \0 to objects does
> not throw any kind of error or exception.

Not quite sure what to do about this.  While it is unfortunate,
that there is no notice, I wouldn't call it bug – more a feature
request.  However, it might be more important to document the
behavior, so switching to doc problem for now.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 25 17:01:29 2024 UTC