From: wharmby at uk dot ibm dot com
Operating system: Windows XP
PHP version: 5CVS-2007-02-13 (CVS)
PHP Bug Type: Scripting Engine problem
Bug description: var_dump() printing details of private and protected object
properties
Description:
------------
I have come across the following behaviour while reviewing
the var_dump code which is either a bug or the code needs
tidying up. The output certainly does not tally with the
behaviour suggested by the code.
My reading of the code in php_array_element_dump() is that
if an Object with private or protected properties is cast to
an array and then dumped using var_dump() then no private or
protected fields should be dumped (previous defects suggest otherwise but
the code suggests they should not be printed)
The code in php_array_element_dump() is as follows:
level = va_arg(args, int);
if (hash_key->nKeyLength==0) { /* numeric key */
php_printf("%*c[%ld]=>\n", level + 1, ' ', hash_key->h);
} else { /* string key */
if (va_arg(args, int) && hash_key->arKey[0] == '\0') {
/* XXX: perhaps when we are inside the class we
* should permit access to private & protected
* values
*/
return 0;
}
php_printf("%*c[\"", level + 1, ' ');
PHPWRITE(hash_key->arKey, hash_key->nKeyLength - 1);
php_printf("\"]=>\n");
}
However, because of a logic error in php_var_dump()the
2nd argument does not get passed to php_array_element_dump()
and so we print out the details of private and protected
fields.
Assuming the intention is NOT to print out private or protected fileds the
patch to correct the var_dump_code
is as follows:
http://www.pastebin.ca/353743
However, previous defects have been raised on this subject
and closed as "Expected Behaviour". If it is the case that all fields
should be printed by var_dump to aid debug then
the code in php_array_element_dump() and php_var_dump() should be cleaned
up as in the following patch:
http://www.pastebin.ca/353787
Both patches built against CVS code as of 15:30 GMT on 13th Feb 2007.
Reproduce code:
---------------
<?php
class foo
{
public $a = 10;
private $b = 20;
public $c = 40;
protected $d = 50;
public $e = 60;
}
$obj = new foo();
var_dump($obj);
$fooarr = (array)$obj;
var_dump($fooarr);
?>
Expected result:
----------------
object(foo)#1 (5) {
["a"]=>
int(10)
["b:private"]=>
int(20)
["c"]=>
int(40)
["d:protected"]=>
int(50)
["e"]=>
int(60)
}
array(5) {
["a"]=>
int(10)
["c"]=>
int(40)
["e"]=>
int(60)
}
Actual result:
--------------
object(foo)#1 (5) {
["a"]=>
int(10)
["b:private"]=>
int(20)
["c"]=>
int(40)
["d:protected"]=>
int(50)
["e"]=>
int(60)
}
array(5) {
["a"]=>
int(10)
[" foo b"]=>
int(20)
["c"]=>
int(40)
[" * d"]=>
int(50)
["e"]=>
int(60)
}
--
Edit bug report at http://bugs.php.net/?id=40465&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=40465&r=trysnapshot44
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=40465&r=trysnapshot52
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=40465&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=40465&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=40465&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=40465&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=40465&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=40465&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=40465&r=support
Expected behavior: http://bugs.php.net/fix.php?id=40465&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=40465&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=40465&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=40465&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=40465&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=40465&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=40465&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=40465&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=40465&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=40465&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=40465&r=mysqlcfg
