Page 4 of 4
Posted: Sat Sep 23, 2006 11:21 am
by Ambush Commander
Ooh, I did something like this for HTMLPurifier_ConfigSchema, although it was more for documentation reasons (figures out which class defines the configuration directive). Yes, it would definitely work.
Code: Select all
$backtrace = debug_backtrace();
$file = $def->mungeFilename($backtrace[0]['file']);
$line = $backtrace[0]['line'];
$def->info[$namespace][$name]->addDescription($file,$line,$description);
Posted: Sat Sep 23, 2006 12:14 pm
by RobertGonzalez
feyd wrote:Everah wrote:feyd wrote:It's a shame that the reflection system allows retrieval of private data.
So does that mean that declaring a class variable as private still doesn't ensure that it cannot be recalled?
Bingo!
As you may recall Ole (I believe it was) wanted to get access to a private inside his unit test. Guess what, through reflection PHP allows it; which drives me nuts.
Doesn't that kinda go against what
the Manual says on visibility for private properties? Is this a bug or just a by product of reflection? Sorry if my questions sound ignorant, but I am looking more closely at PHP5 OOP now that I have a PHP5 environment to develop in, and after the direction of this thread, I was thinking that DB connection details may be better kept as private properties of a class so they can't be retrieved outside the class.
Posted: Sat Sep 23, 2006 8:56 pm
by feyd
Last I checked, yep. And that's exactly why it annoys me so. I don't recall other implementations of reflections in other languages allowing access to privates as that goes completely against the access models in the languages. Reflection, as far as I understand it, is only supposed to be able to give you information about the interface of a class, nothing more. Certainly a private is not apart of the interface. That's why it's private. This is also why I dislike var_dump() showing it too.
Everah wrote:Is this a bug or just a by product of reflection? Sorry if my questions sound ignorant, but I am looking more closely at PHP5 OOP now that I have a PHP5 environment to develop in, and after the direction of this thread, I was thinking that DB connection details may be better kept as private properties of a class so they can't be retrieved outside the class.
I personally think it is a bug. It violates the expectation of .. privacy that I request of the object system's access controls.
I haven't checked into the bug list however. Honestly, I seem to have a flaw in my ability to search their bug system similar to various users here.
Posted: Sat Sep 23, 2006 9:14 pm
by RobertGonzalez
I am amazed at the apparent flaw in the PHP5 object model. I was reading a book today that showed an example of this very principle, and plain as day, all of the private properties were clearly displayed on the screen. Unbelievable.
So that means that there really is no way to effectively limit the viewable nature of a class property?
Posted: Sat Sep 23, 2006 9:43 pm
by Jenk
There is also of couse the big 'flaw' in that you have to release your source with every application you make in PHP.. thus if any clients wanted to do anything with your code they can, and worst case scenario they can break and then host your application giving you a bad name, should it be possible to identify you from the application.
Posted: Sat Sep 23, 2006 9:43 pm
by feyd
Everah wrote:So that means that there really is no way to effectively limit the viewable nature of a class property?
Under the current builds, not enough to really matter unless you turn off Reflection, which just isn't a "good" solution.
Posted: Sun Sep 24, 2006 6:03 am
by Maugrim_The_Reaper
I haven't checked into the bug list however. Honestly, I seem to have a flaw in my ability to search their bug system similar to various users here.
Amen to that. I would have thought a more user-friendly method would have been available after all these years. It's doesn't help anyone - including the developers since it just discourages folk (although maybe that's the point!

).
A private property is not strictly private in PHP. That's irritating since it allows the sort of client misbehaviour "private" access is supposed to prevent. On the other hand, PHP is generally distributed as source - so it could be hacked just as easily with a small edit. Maybe someone justified the Reflection access along those lines. Pretty silly IMO, but I can see it happening.
Posted: Sun Sep 24, 2006 12:14 pm
by Ambush Commander
That's true. There's only so far you can make an application idiot-proof, and even if you do make it so, they'll just build a better idiot.
PHP's bug system... erm... can't really pass judgment on that.
Posted: Wed Sep 27, 2006 4:48 am
by GM
Ambush Commander wrote:That's true. There's only so far you can make an application idiot-proof, and even if you do make it so, they'll just build a better idiot.
That's my signature
