Edit report at https://bugs.php.net/bug.php?id=61782&edit=1
ID: 61782
Comment by: r dot wilczek at web-appz dot de
Reported by: s...@php.net
Summary: __clone/__destruct do not match other methods when
checking access controls
Status: Open
Type: Bug
Package: Scripting Engine problem
PHP Version: 5.4.1RC2
Block user comment: N
Private report: N
New Comment:
reproducable in PHP 5.5.2
class Foo {
public function getClone() {
return clone $this;
}
private function __clone() {}
}
class Bar extends Foo {}
(new Bar)->getClone();
// Call to private Bar::__clone() from context 'Foo'
Previous Comments:
------------------------------------------------------------------------
[2012-07-24 23:36:03] ras...@php.net
Automatic comment on behalf of stas
Revision:
http://git.php.net/?p=php-src.git;a=commit;h=d03900dc92af6d47921143f226217eae3ca564b7
Log: fix bug #61782 - __clone/__destruct do not match other methods when
checking access controls
------------------------------------------------------------------------
[2012-05-15 07:45:38] m...@php.net
Automatic comment on behalf of stas
Revision:
http://git.php.net/?p=php-src.git;a=commit;h=a0dff6fdcae1f4eaa96e68d1429fd38876c2796e
Log: fix bug #61782 - __clone/__destruct do not match other methods when
checking access controls
------------------------------------------------------------------------
[2012-05-14 18:03:48] s...@php.net
Automatic comment on behalf of stas
Revision:
http://git.php.net/?p=php-src.git;a=commit;h=d03900dc92af6d47921143f226217eae3ca564b7
Log: fix bug #61782 - __clone/__destruct do not match other methods when
checking access controls
------------------------------------------------------------------------
[2012-05-13 21:48:42] s...@php.net
Automatic comment on behalf of stas
Revision:
http://git.php.net/?p=php-src.git;a=commit;h=a0dff6fdcae1f4eaa96e68d1429fd38876c2796e
Log: fix bug #61782 - __clone/__destruct do not match other methods when
checking access controls
------------------------------------------------------------------------
[2012-04-20 06:46:36] s...@php.net
Description:
------------
__clone and __destruct check access to protected methods differently from other
methods. They have
custom implementation and while other methods allow access to siblings in the
same tree to protected
functions, those do not. See implementation for regular ones:
if (UNEXPECTED(!zend_check_protected(zend_get_function_root_class(fbc),
EG(scope)))) {
if (zobj->ce->__call) {
fbc = zend_get_user_call_function(zobj->ce, method_name,
method_len);
} else {
zend_error_noreturn(E_ERROR, "Call to %s method %s::%s() from
context '%s'",
zend_visibility_string(fbc->common.fn_flags), ZEND_FN_SCOPE_NAME(fbc),
method_name, EG(scope) ?
EG(scope)->name : "");
}
}
and for __clone:
if (UNEXPECTED(!zend_check_protected(clone->common.scope, EG(scope)))) {
zend_error_noreturn(E_ERROR, "Call to protected %s::__clone() from
context '%s'", ce->name,
EG(scope) ? EG(scope)->name : "");
}
it can be seen that __clone does not use zend_get_function_root_class(). Same
happens for destructor.
I see no reason for that and I think they should be brought in sync with the
rest of the code. See also:
http://www.mail-archive.com/internals@lists.php.net/msg57424.html
Test script:
---------------
abstract class BaseClass {
abstract protected function __clone();
}
class MommasBoy extends BaseClass {
protected function __clone() {
echo __METHOD__, "\n";
}
}
class LatchkeyKid extends BaseClass {
public function __construct() {
echo 'In ', __CLASS__, ":\n";
$kid = new MommasBoy();
$kid = clone $kid;
}
public function __clone() {}
}
$obj = new LatchkeyKid();
Expected result:
----------------
In LatchkeyKid:
MommasBoy::__clone
Actual result:
--------------
Fatal error: Call to protected MommasBoy::__clone() from context 'LatchkeyKid'
in
bug.php on line 16
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=61782&edit=1
