ID: 44273
Updated by: [EMAIL PROTECTED]
Reported By: paulscheltema at gmail dot com
-Status: Open
+Status: Bogus
Bug Type: Scripting Engine problem
Operating System: Windows XP / Linux Debian
PHP Version: 5.2.5
New Comment:
Maybe this explains it better:
<?php
class test {
public $public = 'public';
private $private = 'private';
protected $protected = 'protected';
}
$t = new test;
var_dump($t);
?>
And this will output everything, and it's expected and the correct
behaviour. It's about the properties being isible/not-visible/writable
to other classes. PPP is not meant for providing any security.
(I admit, I'm bad at explaining things. :)
Previous Comments:
------------------------------------------------------------------------
[2008-03-05 14:25:25] paulscheltema at gmail dot com
well, i guess its ok then, its just not what im used to with some other
languages
but i still think its wierd using protected to "protect" the data from
the outside world, but not quite doing so.
i now know storing vital information such as passwords inside class
variables even protected ones, doesnt help much.
so giving another developer access to an api doesnt protect me anymore
either
but if its no bug since changing the data isnt possible that way, so be
it.
and i have to say dont change the point:
first you say its about visibility,
i explain why it is,
next you say it doesnt matter because you cant change its value
------------------------------------------------------------------------
[2008-03-05 14:03:01] [EMAIL PROTECTED]
Yes, but can you _change_ it? (answer: no, not via that array..)
------------------------------------------------------------------------
[2008-03-04 13:27:58] paulscheltema at gmail dot com
I think the bug is that I CAN access private / protected class data at
runtime which neglects the whole point of private or protected data
inside classes. It is to be protected!
Why else use private data if you can access it anyway? its useless
then. its just obstruction instead of security. (security in terms of
data integrity)
On the positive side at least i can not change the data.
And to refer to your reaction precisely, lets have two classes A and B
A is instanciated and has a private property x which is set, class B
casts class A to an array and gains access to class A's private property
x. This is not directly about visibility but it allows class B to "view"
class A's private property x.
------------------------------------------------------------------------
[2008-03-03 13:41:02] [EMAIL PROTECTED]
Private/protected is about visibility between _classes_ not with a
class cast to an array. So what's the "bug" here?
------------------------------------------------------------------------
[2008-02-27 20:49:25] paulscheltema at gmail dot com
Description:
------------
Hello dear developer(s),
When i setup a simple class with a protected/private var,
instanciate the class, and cast the instance to an array
i can access the protected/private var.
Reproduce code:
---------------
class test {
public $public = 'public';
private $private = 'private';
protected $protected = 'protected';
}
$t = new test;
$a = (array)$t;
print '<br>public: '.$a['public'];
print '<br>private: '.$a["\0test\0private"];
print '<br>protected: '.$a["\0*\0protected"];
Expected result:
----------------
Expected:
public: public
Or at most an Error like:
Cannot access private property test::$private
as the value of the private property
Actual result:
--------------
Result:
public: public
private: private
protected: protected
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=44273&edit=1
