From: robin_fernandes at uk dot ibm dot com Operating system: all PHP version: 5.3CVS-2008-07-24 (CVS) PHP Bug Type: SPL related Bug description: ArrayIterator::current(), ::key() can show 1st private prop of wrapped object
Description: ------------ If the first property of a class is private and an instance of that class is wrapped by ArrayIterator, that first private property may be exposed by ArrayIterator::current() and ArrayIterator::key(). Specifically, this occurs when: - current() and key() are called right after obtaining the iterator from ArrayObject::getIterator(), OR - current() and key() are called right after the iterator position was reset due to the current position becoming invalid. In the reproduce code below, notice how the iterator behaves differently depending on how it was returned to its starting position. This issue affects snaps from 5_2, 5_3 and HEAD. It can be fixed with some extra calls to spl_array_skip_protected() in spl_array.c. Proposed patch against 5_3: http://pastebin.ca/1081771 Reproduce code: --------------- <?php class C { private $priv1 = 'secret1'; private $priv2 = 'secret2'; public $pub1 = 'public1'; public $pub2 = 'public2'; public $pub3 = 'public3'; } function showFirstTwoItems($it) { echo str_replace("\0", '\0', $it->key()) . " => " . $it->current() . "\n"; $it->next(); echo str_replace("\0", '\0', $it->key()) . " => " . $it->current() . "\n"; } $ao = new ArrayObject(new C); $ai = $ao->getIterator(); echo "--> Show the first two items:\n"; showFirstTwoItems($ai); echo "\n--> Rewind and show the first two items:\n"; $ai->rewind(); showFirstTwoItems($ai); echo "\n--> Invalidate current position and show the first two items:\n"; unset($ai[$ai->key()]); $ai->current(); showFirstTwoItems($ai); ?> Expected result: ---------------- --> Show the first two items: pub1 => public1 pub2 => public2 --> Rewind and show the first two items: pub1 => public1 pub2 => public2 --> Invalidate current position and show the first two items: pub1 => public1 pub3 => public3 Actual result: -------------- --> Show the first two items: \0C\0priv1 => secret1 pub1 => public1 --> Rewind and show the first two items: pub1 => public1 pub2 => public2 --> Invalidate current position and show the first two items: \0C\0priv1 => secret1 pub1 => public1 -- Edit bug report at http://bugs.php.net/?id=45614&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=45614&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=45614&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=45614&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=45614&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=45614&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=45614&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=45614&r=needscript Try newer version: http://bugs.php.net/fix.php?id=45614&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=45614&r=support Expected behavior: http://bugs.php.net/fix.php?id=45614&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=45614&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=45614&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=45614&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=45614&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=45614&r=dst IIS Stability: http://bugs.php.net/fix.php?id=45614&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=45614&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=45614&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=45614&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=45614&r=mysqlcfg