Bug #52428 [Com]: $this isn't immutable

2012-02-24 Thread stelian dot mocanita at gmail dot com 
Edit report at https://bugs.php.net/bug.php?id=52428&edit=1

 ID: 52428
 Comment by: stelian dot mocanita at gmail dot com
 Reported by:tyra3l at gmail dot com
 Summary:$this isn't immutable
 Status: Not a bug
 Type:   Bug
 Package:Scripting Engine problem
 Operating System:   all
 PHP Version:5.3.3
 Block user comment: N
 Private report: N

 New Comment:

I strongly disagree with this not being a bug. I came across some old code 
where 
I had $this->object out of a class context and it took me a lot of hours to 
track and still did not get to the bottom of it.

More than that, this is lacking consistency. It can't allow me to assign a 
value 
to $this using globals / variable variables and not allow me to assign it a 
value otherwise.

As far as I see it it's either: $this can be overwritten by any assignation 
method in php or it can't be overwritten at all. Allowing people to shoot 
themselves is a bad practice and it leads to shooting someone.

Thank you,
Stelian


Previous Comments:

[2010-07-26 11:30:33] tyra3l at gmail dot com

There was some reason for this check to be placed.
My problem with this behaviour that the 
$bar = 'baz';
should work the same as 
$foo='bar';$$foo = 'baz'; 
and same for the $foo vs $GLOBALS['foo']

Tyrael


[2010-07-26 11:20:33] degeb...@php.net

@dagdamor10: This has nothing to do with exploits at all. It poses no security 
risk being able to modify the $this variable by circumventing the simple check 
that is implemented.


[2010-07-26 10:51:25] tyra3l at gmail dot com

"what about abolishing everything related to safe_mode"
safe_mode has been DEPRECATED as of PHP 5.3.0. and will be removed with the 
next 
major php version.

Tyrael


[2010-07-26 10:32:24] dagdamor10 at mail dot ru

>> If you want you can shoot yourself in your head.

Okay, that was plain rude.

PHP *should* protect websites from possible exploits, what about abolishing 
everything related to safe_mode, allowed paths and such? To make a good site, 
people need good programming language... and good programming language should 
be accurate in range-checking, resource-protecting etc, instead of leaving all 
that to every programmer who decide to use it.


[2010-07-25 18:50:52] tyra3l at gmail dot com

Thanks for the clarification.

Did I something wrong in the report, or you just copypasted the "Thank you for 
taking the time to write to us..." part of your comment?

Maybe it would be a good thing to add this conclusion to the documentation 
(reassigning this isn't allowed, because ..., if you try it, it will give you 
an 
error "Cannot re-assign this..." [if you really need this, you can do...])

Tyrael




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

https://bugs.php.net/bug.php?id=52428


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=52428&edit=1

Bug #52428 [Com]: $this isn't immutable

2010-07-26 Thread tyra3l at gmail dot com 
Edit report at http://bugs.php.net/bug.php?id=52428&edit=1

 ID: 52428
 Comment by: tyra3l at gmail dot com
 Reported by:tyra3l at gmail dot com
 Summary:$this isn't immutable
 Status: Bogus
 Type:   Bug
 Package:Scripting Engine problem
 Operating System:   all
 PHP Version:5.3.3
 Block user comment: N

 New Comment:

There was some reason for this check to be placed.

My problem with this behaviour that the 

$bar = 'baz';

should work the same as 

$foo='bar';$$foo = 'baz'; 

and same for the $foo vs $GLOBALS['foo']



Tyrael


Previous Comments:

[2010-07-26 11:20:33] degeb...@php.net

@dagdamor10: This has nothing to do with exploits at all. It poses no
security risk being able to modify the $this variable by circumventing
the simple check that is implemented.


[2010-07-26 10:51:25] tyra3l at gmail dot com

"what about abolishing everything related to safe_mode"

safe_mode has been DEPRECATED as of PHP 5.3.0. and will be removed with
the next 

major php version.



Tyrael


[2010-07-26 10:32:24] dagdamor10 at mail dot ru

>> If you want you can shoot yourself in your head.



Okay, that was plain rude.



PHP *should* protect websites from possible exploits, what about
abolishing everything related to safe_mode, allowed paths and such? To
make a good site, people need good programming language... and good
programming language should be accurate in range-checking,
resource-protecting etc, instead of leaving all that to every programmer
who decide to use it.


[2010-07-25 18:50:52] tyra3l at gmail dot com

Thanks for the clarification.



Did I something wrong in the report, or you just copypasted the "Thank
you for 

taking the time to write to us..." part of your comment?



Maybe it would be a good thing to add this conclusion to the
documentation 

(reassigning this isn't allowed, because ..., if you try it, it will
give you an 

error "Cannot re-assign this..." [if you really need this, you can
do...])



Tyrael


[2010-07-25 18:39:17] johan...@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

We prevent from mistakes, we don't prevent people from hurting them
purposely. If you want you can shoot yourself in your head.




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

http://bugs.php.net/bug.php?id=52428


-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52428&edit=1

Bug #52428 [Com]: $this isn't immutable

2010-07-26 Thread tyra3l at gmail dot com 
Edit report at http://bugs.php.net/bug.php?id=52428&edit=1

 ID: 52428
 Comment by: tyra3l at gmail dot com
 Reported by:tyra3l at gmail dot com
 Summary:$this isn't immutable
 Status: Bogus
 Type:   Bug
 Package:Scripting Engine problem
 Operating System:   all
 PHP Version:5.3.3
 Block user comment: N

 New Comment:

"what about abolishing everything related to safe_mode"

safe_mode has been DEPRECATED as of PHP 5.3.0. and will be removed with
the next 

major php version.



Tyrael


Previous Comments:

[2010-07-26 10:32:24] dagdamor10 at mail dot ru

>> If you want you can shoot yourself in your head.



Okay, that was plain rude.



PHP *should* protect websites from possible exploits, what about
abolishing everything related to safe_mode, allowed paths and such? To
make a good site, people need good programming language... and good
programming language should be accurate in range-checking,
resource-protecting etc, instead of leaving all that to every programmer
who decide to use it.


[2010-07-25 18:50:52] tyra3l at gmail dot com

Thanks for the clarification.



Did I something wrong in the report, or you just copypasted the "Thank
you for 

taking the time to write to us..." part of your comment?



Maybe it would be a good thing to add this conclusion to the
documentation 

(reassigning this isn't allowed, because ..., if you try it, it will
give you an 

error "Cannot re-assign this..." [if you really need this, you can
do...])



Tyrael


[2010-07-25 18:39:17] johan...@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

We prevent from mistakes, we don't prevent people from hurting them
purposely. If you want you can shoot yourself in your head.


[2010-07-24 11:36:17] tyra3l at gmail dot com

Description:

As some closed bug-reports and the "PHP Fatal error:  Cannot re-assign
$this" 

states, the $this should be read-only/inmutable  in PHP5.

but with some tricks(variable variables mostly), you can walk-around
this 

constraint.

See the Test script.

I don't know the importance of this restriction, and with reflection you
can shoot 

you in the leg anyway, so maybe this can be left as is.

Test script:
---
foo = 'bar';



//$this = $var; // PHP Fatal error:  Cannot re-assign $this



$GLOBALS['this'] = $var;



var_dump($this);



$var->foo = 'baz';



$foo = 'this';

$$foo = $var;



var_dump($this);



foo($this);



function foo($this){

  //global $this; // PHP Fatal error:  Cannot re-assign $this

  // $this = $GLOBALS['var']; // PHP Fatal error:  Cannot re-assign
$this

  var_dump($this);

  $GLOBALS['this']->foo = 'baw';

  $$GLOBALS['foo'] = $GLOBALS['this'];

  var_dump($this);

}



Expected result:

PHP Fatal error:  Cannot re-assign $this

for every attempt to overwrite $this

Actual result:
--
you can set $this in the global scope through $GLOBALS, with argument in


functions, and with variable variables in everywhere.






-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52428&edit=1

Bug #52428 [Com]: $this isn't immutable

2010-07-26 Thread dagdamor10 at mail dot ru 
Edit report at http://bugs.php.net/bug.php?id=52428&edit=1

 ID: 52428
 Comment by: dagdamor10 at mail dot ru
 Reported by:tyra3l at gmail dot com
 Summary:$this isn't immutable
 Status: Bogus
 Type:   Bug
 Package:Scripting Engine problem
 Operating System:   all
 PHP Version:5.3.3
 Block user comment: N

 New Comment:

>> If you want you can shoot yourself in your head.



Okay, that was plain rude.



PHP *should* protect websites from possible exploits, what about
abolishing everything related to safe_mode, allowed paths and such? To
make a good site, people need good programming language... and good
programming language should be accurate in range-checking,
resource-protecting etc, instead of leaving all that to every programmer
who decide to use it.


Previous Comments:

[2010-07-25 18:50:52] tyra3l at gmail dot com

Thanks for the clarification.



Did I something wrong in the report, or you just copypasted the "Thank
you for 

taking the time to write to us..." part of your comment?



Maybe it would be a good thing to add this conclusion to the
documentation 

(reassigning this isn't allowed, because ..., if you try it, it will
give you an 

error "Cannot re-assign this..." [if you really need this, you can
do...])



Tyrael


[2010-07-25 18:39:17] johan...@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

We prevent from mistakes, we don't prevent people from hurting them
purposely. If you want you can shoot yourself in your head.


[2010-07-24 11:36:17] tyra3l at gmail dot com

Description:

As some closed bug-reports and the "PHP Fatal error:  Cannot re-assign
$this" 

states, the $this should be read-only/inmutable  in PHP5.

but with some tricks(variable variables mostly), you can walk-around
this 

constraint.

See the Test script.

I don't know the importance of this restriction, and with reflection you
can shoot 

you in the leg anyway, so maybe this can be left as is.

Test script:
---
foo = 'bar';



//$this = $var; // PHP Fatal error:  Cannot re-assign $this



$GLOBALS['this'] = $var;



var_dump($this);



$var->foo = 'baz';



$foo = 'this';

$$foo = $var;



var_dump($this);



foo($this);



function foo($this){

  //global $this; // PHP Fatal error:  Cannot re-assign $this

  // $this = $GLOBALS['var']; // PHP Fatal error:  Cannot re-assign
$this

  var_dump($this);

  $GLOBALS['this']->foo = 'baw';

  $$GLOBALS['foo'] = $GLOBALS['this'];

  var_dump($this);

}



Expected result:

PHP Fatal error:  Cannot re-assign $this

for every attempt to overwrite $this

Actual result:
--
you can set $this in the global scope through $GLOBALS, with argument in


functions, and with variable variables in everywhere.






-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52428&edit=1