private/protected loophole
Posted: Sat Feb 03, 2007 8:22 pm
I recall reading an article a while back on PHP5 having a loophole (using one of the class functions?) which allowed manipulation of private/protected variables as though they were normally accessible member variables...
Anyone know what function I might look at?
I've been tinkering with PHP 5.1.6?? and only on some variable names do I get an access error when accessing a member variable which is private - other times it appears as though the member is being added as an expando property (which I realize is expected behviour - but shouldn't I get an error when trying that on existing properties?) in which case I have duplicated variables one marked as private the other as public???
Any ideas?
Anyone know what function I might look at?
I've been tinkering with PHP 5.1.6?? and only on some variable names do I get an access error when accessing a member variable which is private - other times it appears as though the member is being added as an expando property (which I realize is expected behviour - but shouldn't I get an error when trying that on existing properties?) in which case I have duplicated variables one marked as private the other as public???
Code: Select all
class test{
}
$obj = new Class1();
$obj->_obj = new test();
// Results in the following print_r() dump:
Class1 Object
(
[_file] =>
[_isCachable] =>
[_obj] =>
[_obj] => test Object
(
)
)