Seems like a good change +1.
On Sun, Dec 4, 2011 at 7:55 AM, Alan Knowles wrote:
This is ready for review now.


This resolves the worst behavior changes introduced by the dereferencing of
strings fix.

All tests (in Zend/tests) pass (after they have been modified to suit the

Please review / comment...


On Sunday, December 04, 2011 12:08 AM, Alan Knowles wrote:

I've had a look at making string offsets of strings a bit saner.

At present with the fix for array dereferencing :  ?search=hello and a
test like isset($_GET['search']['name'])  results in true, which is has
potential security problems and is very confusing for any programmer finding
and working out why something like that may be failing.

To solve this quite a few people agreed that not allowing non-numeric
string offsets on strings would be the smart way to go, the change is going
to break BC, so the idea is to at least not break it too badly...

This patch is a start.


It's been quite a while since I hacked on the engine, so the patch only
works reasonably well.. (see the FIXME on the tests at the bottom of the

The patch changes the following:
* $s = "string";  $s['offset'] -- produces a warning (and returns an
empty string)
* $s = "string";  $s['1'] -- works as before..
* $s = "string";  $s[true] $s[false] $s[0.1] -- give a notice (cast it to
an int if you want to get rid of the notice) - however work as before.
* changes the warning on invalid indexes to say "Uninitialized or
invalid" rather than just "Uninitialized"
* fixes most of the related tests

I would appreciate if someone with better engine knowledge would have  a
look and work out what the "BAD" usage should return.

In theory.. the fetch_dim behavior should be return a empty string if an
invalid offset is used, or uninitialized zval if ISSET is calling it


PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Search Discussions

Discussion Posts


Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 3 of 29 | next ›
Discussion Overview
groupphp-internals @
postedDec 3, '11 at 4:08p
activeDec 21, '11 at 6:45p



site design / logo © 2019 Grokbase