ID: 45614 Updated by: [EMAIL PROTECTED] Reported By: robin_fernandes at uk dot ibm dot com -Status: Open +Status: Closed Bug Type: SPL related Operating System: all PHP Version: 5.3CVS-2008-07-24 (CVS) New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Fixed, thanks for the patch. Previous Comments: ------------------------------------------------------------------------ [2008-07-24 12:50:35] robin_fernandes at uk dot ibm dot com Description: ------------ If the first property of a class is private and an instance of that class is wrapped by ArrayIterator, that first private property may be exposed by ArrayIterator::current() and ArrayIterator::key(). Specifically, this occurs when: - current() and key() are called right after obtaining the iterator from ArrayObject::getIterator(), OR - current() and key() are called right after the iterator position was reset due to the current position becoming invalid. In the reproduce code below, notice how the iterator behaves differently depending on how it was returned to its starting position. This issue affects snaps from 5_2, 5_3 and HEAD. It can be fixed with some extra calls to spl_array_skip_protected() in spl_array.c. Proposed patch against 5_3: http://pastebin.ca/1081771 Reproduce code: --------------- <?php class C { private $priv1 = 'secret1'; private $priv2 = 'secret2'; public $pub1 = 'public1'; public $pub2 = 'public2'; public $pub3 = 'public3'; } function showFirstTwoItems($it) { echo str_replace("\0", '\0', $it->key()) . " => " . $it->current() . "\n"; $it->next(); echo str_replace("\0", '\0', $it->key()) . " => " . $it->current() . "\n"; } $ao = new ArrayObject(new C); $ai = $ao->getIterator(); echo "--> Show the first two items:\n"; showFirstTwoItems($ai); echo "\n--> Rewind and show the first two items:\n"; $ai->rewind(); showFirstTwoItems($ai); echo "\n--> Invalidate current position and show the first two items:\n"; unset($ai[$ai->key()]); $ai->current(); showFirstTwoItems($ai); ?> Expected result: ---------------- --> Show the first two items: pub1 => public1 pub2 => public2 --> Rewind and show the first two items: pub1 => public1 pub2 => public2 --> Invalidate current position and show the first two items: pub1 => public1 pub3 => public3 Actual result: -------------- --> Show the first two items: \0C\0priv1 => secret1 pub1 => public1 --> Rewind and show the first two items: pub1 => public1 pub2 => public2 --> Invalidate current position and show the first two items: \0C\0priv1 => secret1 pub1 => public1 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=45614&edit=1
