Currently the "Symfony\Component\Form\Util \PropertyPath::writeProperty" method performs a series of checks to determine which way to set the property on the active object. In particular, it checks whether a "setPropertyName()" method exists and if it does then it checks to see if that is a public method. This takes place before trying other methods such as a magic "__set()" method or a public property of that name on the object.
Unfortunately this means if your object only exposes the magic "__set()" method, but uses the "setPropertyName()" methods internally as protected member methods the "writeProperty()" method will detect that it can't access the "setPropertyName()" method first and throw an exception. In my opinion, this is not necessarily correct. While it is certainly useful in some cases to detect a potential mistake, an external class should not stop working due to the internal behaviour of an object. I'd like to propose that the checks to detect whether the method is public be moved in to their parent if statements, and the exception removed. A message suggesting that developers check whether the property or setter are public could be added to the final "InvalidPropertyException". Is there another compelling reason to keep these exceptions that I have missed? Thanks, Robert -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to symfony-devs@googlegroups.com To unsubscribe from this group, send email to symfony-devs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
