Bug #53932 [Opn->Bgs]: is_callable invoke autoloading unnecessarilly

Fri, 04 Feb 2011 18:59:21 -0800 

Edit report at http://bugs.php.net/bug.php?id=53932&edit=1

 ID:                 53932
 Updated by:         cataphr...@php.net
 Reported by:        rubs33 at gmail dot com
 Summary:            is_callable invoke autoloading unnecessarilly
-Status:             Open
+Status:             Bogus
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Linux
 PHP Version:        5.3.5
 Block user comment: N
 Private report:     N

 New Comment:

1. A fatal error is not a crash.

2. What constitutes an acceptable class name is, in practice, more ample
than what's in the manual, though there are no guarantees it will work
in the future.

3. You don't have to throw exceptions from __autoload; in fact, if you
did, you were unable to catch them prior to 5.3.

4. Validate user input.


Previous Comments:
------------------------------------------------------------------------
[2011-02-04 22:44:55] rubs33 at gmail dot com

Description:
------------
The PHP core function "is_callable" invokes the autoloading when
receives a string callback that has "::", even when the class has not a
valid name.



It could be smarter invoking autoloading only when the class name is a
valid class name, as described by the expression
[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]* from documentation
(http://www.php.net/manual/en/language.oop5.basic.php). It should check
whether a namespace was used too.



Often, is_callable function is not invoked in a try/catch context. So,
in many cases, it could crash PHP execution. For example, in a
dispatcher implementation that receives a controller class and an action
(method) by user, create a callback and test it with is_callable.

Test script:
---------------
<?php



function __autoload($class) { 

    printf("Required class: '%s'\n", $class);

    throw new Exception('Error');

}



var_dump(is_callable('invalid name::method'));

Expected result:
----------------
bool(false)

Actual result:
--------------
Required class: 'invalid name'

PHP Fatal error:  Uncaught exception 'Exception' with message 'Error' in
%s:5


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=53932&edit=1

Reply via email to