From: hecsoxpij at freemail dot hu
Operating system: Windows 2000 SP2
PHP version: 5CVS-2003-07-29 (dev)
PHP Bug Type: Zend Engine 2 problem
Bug description: protected and private properties' contents can be seen from the outside
Description:
------------
If I create a class with private or protected properties in it, the
contents of those can be seen from the outside via the functions var_dump
and print_r. This may lead to some security vulnerabilities in future
applications.
This may not actually be a bug, but it seems rather illogical to be able
to access the values with this method while others fail.
Reproduce code:
---------------
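<?php
class Test
{
    // Private: not readable as $test->foo from outside the class
    private $foo;

    function __construct()
    {
        $this->foo = 'xy';
    }
}

$test = new Test;
// The debug dump still prints the private property's value
print_r($test);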
Expected result:
----------------
test Object
(
)
Actual result:
--------------
test Object
(
[foo:private] => xy
)
--
Edit bug report at http://bugs.php.net/?id=24852&edit=1
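Added example, not part of the original report or of PHP's own code: in later PHP versions (5.6 and up) a class can define `__debugInfo()` to control what `var_dump()` and `print_r()` show, while an `(array)` cast still returns the raw property table. The class name, property names and sample values are hypothetical and constructed; the code assumes PHP 7.4 or newer for typed properties.

```php
<?php
// Added example; ApiCredential and its values are constructed for illustration.
final class ApiCredential
{
    private string $keyId;
    private string $secret;

    public function __construct(string $keyId, string $secret)
    {
        $this->keyId  = $keyId;
        $this->secret = $secret;
    }

    // var_dump() and print_r() use this array instead of the real properties.
    public function __debugInfo(): array
    {
        return ['keyId' => $this->keyId, 'secret' => '[redacted]'];
    }
}

// Returns true when the dump text does not contain the given value.
function dumpHides(object $obj, string $value): bool
{
    return strpos(print_r($obj, true), $value) === false;
}

// Returns true when an (array) cast still carries the value. Private
// properties appear there under the mangled key "\0ClassName\0property".
function arrayCastExposes(object $obj, string $class, string $prop, string $value): bool
{
    $raw = (array) $obj;
    $key = "\0" . $class . "\0" . $prop;
    return array_key_exists($key, $raw) && $raw[$key] === $value;
}

$sample = 'constructed-sample-secret';
$cred   = new ApiCredential('key-01', $sample);

if (!dumpHides($cred, $sample)) {
    throw new RuntimeException('print_r() output contains the secret');
}
if (!arrayCastExposes($cred, 'ApiCredential', 'secret', $sample)) {
    throw new RuntimeException('expected (array) cast to carry the raw value');
}
echo print_r($cred, true);
```

Visibility keywords restrict access through normal property syntax only, so values that must stay out of logs and error pages need redaction at every dump or serialization path, not just `__debugInfo()`.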