Edit report at http://bugs.php.net/bug.php?id=52685&edit=1
ID: 52685
Updated by: ahar...@php.net
Reported by: junior_xkr at hotmail dot com
Summary: Getting value from private/protected atribute.
-Status: Open
+Status: Bogus
Type: Bug
Package: Class/Object related
Operating System: Windows
PHP Version: Irrelevant
Block user comment: N
New Comment:
This is by design: protected and private aren't security measures, nor
are they intended to be.
Previous Comments:
------------------------------------------------------------------------
[2010-08-24 12:13:01] junior_xkr at hotmail dot com
Description:
------------
Using the function print_r(), you can view content of an class
attribute:
class Object
(
[attribute:private] => value
[fvox:protected] => synyster
)
But, if you try to access outside of class, the script will throw an
exception:
$fx = new fvox;
echo $fx->synyster;
Result:
Fatal error: Cannot access private property class::$fvox in ...
I don't know if it's really a bug, but i think it isn't safe.
Test script:
---------------
<?
class fvox {
private $synyster = 'invaders';
protected $fx = 'junior';
}
function getVars($class){
eval('$of = new '.$class);
ob_start();
print_r($of);
$buf = ob_get_contents();
ob_end_clean();
preg_match_all('/\[([^:]+):(private|protected)]/i', $buf, $vars);
preg_match_all('/=> (.+)/i', $buf, $values);
$r = array();
for($i=0;$i<count($vars[1]);$i++)
$r[$vars[1][$i]] = $values[1][$i];
return $r;
}
print_r(getVars('fvox();'));
?>
Expected result:
----------------
Array
(
)
Actual result:
--------------
Array
(
[synyster] => invaders
[fx] => junior
)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=52685&edit=1
