Bug #77327 '0' == true, if on the right and stored as variable
Submitted: 2018-12-20 18:29 UTC Modified: 2018-12-20 18:36 UTC
From: pegasus at vaultwiki dot org Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 7.2Git-2018-12-20 (Git) OS: Centos 7
Private report: No CVE-ID: None
 [2018-12-20 18:29 UTC] pegasus at vaultwiki dot org
Description:
------------
I recently noticed a behavior change in an application running on my web site where configuration values in the application that were disabled were being treated like they were still enabled. The application stores disabled values as '0' strings and relies on PHP's implicit conversion (bool)'0' to false.

I have reduced the test cases and it seems to be related to whether there is a truthy value to the left of the '0' in an AND expression, and the evaluation is being stored in a variable.

Depending on the way an application uses such an expression, this can have far-reaching implications for security and the integrity of the application data.

Discovered on 7.2.11 (although I noticed the behavior for quite some versions before that), and confirmed still occurring on Git branch 7.2 as of 12/20/18.

Test script:
---------------
<?php
// basic tests
var_dump(true AND '0'); // correctly returns false

$test = true AND '0';
var_dump($test); // returns true, should be false


 [2018-12-20 18:34 UTC] Wes dot example at example dot org
I'm not sure if there's more but the operator precedence is not what you think it is

$test = true AND '0';

is equal to

($test = true) AND '0';

not

$test = (true AND '0');

https://3v4l.org/cZF7G
 [2018-12-20 18:36 UTC] nikic@php.net
-Status: Open +Status: Not a bug
 [2018-12-20 18:36 UTC] nikic@php.net
Not a bug, per previous comment. Use || / && instead of or / and unless you are *specifically* looking for the different precedence behavior.
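
The precedence rule from the two comments above, as an added example that is not part of the original thread: it shows the `and` and `&&` forms side by side on a '0' config value, then a small tokenizer-based scan for the risky pattern. The function name `findLowPrecedenceLogic`, the variable names and the sample source are assumptions made for illustration.

```php
<?php
// Constructed sample: a disabled setting stored as the string '0', as in the report.
$config  = ['uploads_enabled' => '0'];
$isAdmin = true;

// Parsed as ($weak = $isAdmin) and $config[...]; the '0' never reaches $weak.
$weak = $isAdmin and $config['uploads_enabled'];
// && binds tighter than =, so the result of the whole expression is assigned.
$strict = $isAdmin && $config['uploads_enabled'];
var_dump($weak, $strict);

// Hypothetical helper: list and/or/xor operators that sit at the same
// parenthesis depth as a plain "=" earlier in the same statement, i.e. the
// cases where the assignment is evaluated before the logical operator.
function findLowPrecedenceLogic(string $source): array
{
    $logical = [T_LOGICAL_AND, T_LOGICAL_OR, T_LOGICAL_XOR];
    $hits = [];
    $depth = 0;
    $assignDepth = null; // depth of the last "=" in this statement, if any
    foreach (token_get_all($source) as $token) {
        if ($token === '(') {
            $depth++;
        } elseif ($token === ')') {
            $depth--;
            if ($assignDepth !== null && $assignDepth > $depth) { $assignDepth = null; }
        } elseif ($token === ';' || $token === '{' || $token === '}') {
            $assignDepth = null; // statement boundary
        } elseif ($token === '=') {
            $assignDepth = $depth; // plain assignment arrives as a one-character token
        } elseif (is_array($token) && in_array($token[0], $logical, true)
                  && $assignDepth === $depth) {
            $hits[] = ['line' => $token[2], 'operator' => strtolower($token[1])];
        }
    }
    return $hits;
}

// Constructed input for the scanner.
$sample = <<<'PHP'
<?php
$a = $isAdmin and $flag;
$b = $isAdmin && $flag;
if ($x or $y) { run(); }
$c = ($isAdmin and $flag);
PHP;
print_r(findLowPrecedenceLogic($sample));
```

The scan also reports the deliberate `$x = f() or die();` idiom, so treat its output as a review list rather than a list of defects.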
 [2018-12-20 18:52 UTC] pegasus at vaultwiki dot org
Thanks. Did not realize that the lefty precedence crossed = 
I will forward the issue to the appropriate teams responsible for the affected application.
 [2021-09-18 00:41 UTC] gib-o-master at mail dot ru
if ('0') {echo 'never happen';}

but

if ([0]) {echo 'always happen';}

this is called inconsistency,
languages like JS/Python do not have it
 
Last updated: Sat Dec 21 15:01:29 2024 UTC