Problem is that e.g. exception-to-string casts do not handle it properly;
there may be other affected areas.

https://3v4l.org/e9AGZ

Regards, Niklas

2015-11-05 16:14 GMT+01:00 Leigh <lei...@gmail.com>:

> On 5 November 2015 at 14:59, Rowan Collins <rowan.coll...@gmail.com>
> wrote:
>
> >
> > PHP uses null bytes quite a lot to produce deliberately illegal
> > identifiers. For instance the old eval-like create_function() [e.g.
> > https://3v4l.org/hqHjh] and the serialization of private members [e.g.
> > https://3v4l.org/R6Y6k]
> >
> > In this case, I guess the "@" in "class@anonymous" makes the name
> > illegal anyway, but I'm not sold on the null byte being more
> > unacceptable here than anywhere else.
> >
> > Regards,
> >
> > --
> > Rowan Collins
> > [IMSoP]
> >
> That doesn't mean it's a good approach (*cough* namespaces *cough*), and
> these bits of "magic" are supposed to be hidden away from users. I'm
> guessing in this particular instance, the point of the null is to make
> string operations cut off after "anonymous", however string operations that
> respect the zval string length aren't going to do this.
>
> e.g. var_dump() the class name is put through sprintf and it cuts off at
> the null, but get_class or ReflectionClass::getName() just returns the
> original string, and exposes the implementation details.
>
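
The mismatch discussed in this thread, as an added C example that is not part of the original messages and not PHP engine code: a "%s" formatter stops at the first NUL, while a length-aware copy returns every byte. The `counted_str` type, the function names and the sample value (including its path suffix) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a length-counted engine string (not PHP's own type). */
typedef struct { size_t len; const char *val; } counted_str;

/* Constructed sample: visible prefix, one NUL byte, then a made-up suffix. */
static const char SAMPLE[] = "class@anonymous\0/tmp/example.php:3";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

/* C-string formatting: "%s" stops at the first NUL, so the suffix is hidden. */
size_t format_cstr(const counted_str *s, char *out, size_t cap) {
    int n = snprintf(out, cap, "%s", s->val);
    return n < 0 ? 0 : (size_t)n;
}

/* Length-aware copy: every byte, NUL included, reaches the caller (not terminated). */
size_t copy_counted(const counted_str *s, char *out, size_t cap) {
    size_t n = s->len < cap ? s->len : cap;
    memcpy(out, s->val, n);
    return n;
}

/* Display-safe rendering: write NUL as the two characters \0 so no consumer truncates. */
size_t render_escaped(const counted_str *s, char *out, size_t cap) {
    size_t w = 0;
    for (size_t i = 0; i < s->len; i++) {
        if (s->val[i] == '\0') {
            if (w + 2 >= cap) break;          /* keep room for the terminator */
            out[w++] = '\\'; out[w++] = '0';
        } else {
            if (w + 1 >= cap) break;
            out[w++] = s->val[i];
        }
    }
    if (cap) out[w] = '\0';
    return w;
}

int main(void) {
    counted_str s = { SAMPLE_LEN, SAMPLE };
    char buf[64];
    printf("stored length:  %zu\n", s.len);
    printf("%%s length:      %zu\n", format_cstr(&s, buf, sizeof buf));
    printf("counted length: %zu\n", copy_counted(&s, buf, sizeof buf));
    render_escaped(&s, buf, sizeof buf);
    printf("escaped:        %s\n", buf);
    return 0;
}
```

Code that logs or compares such names should pick one representation; mixing the truncating and length-aware paths makes the same name look different in different outputs.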
