FAQ
Problem is that e.g. exception to string casts do not handle it properly,
there may be other affected areas.

https://3v4l.org/e9AGZ

Regards, Niklas

2015-11-05 16:14 GMT+01:00 Leigh <leight@gmail.com>:
On 5 November 2015 at 14:59, Rowan Collins wrote:


PHP uses null bytes quite a lot to produce deliberately illegal
identifiers. For instance the old eval-like create_function() [e.g.
https://3v4l.org/hqHjh] and the serialization of private members [e.g.
https://3v4l.org/R6Y6k]

In this case, I guess the "@" in "class@anonymous" makes the name illegal
anyway, but I'm not sold on the null byte being more unacceptable here than
anywhere else.

Regards,

--
Rowan Collins
[IMSoP]

That doesn't mean it's a good approach (*cough* namespaces *cough*), and
these bits of "magic" are supposed to be hidden away from users. I'm
guessing in this particular instance, the point of the null is to make
string operations cut off after "anonymous", however string operations that
respect the zval string length aren't going to do this.

e.g. var_dump() the class name is put through sprintf and it cuts off at
the null, but get_class or ReflectionClass::getName() just returns the
original string, and exposes the implementation details.

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 5 of 19 | next ›
Discussion Overview
groupphp-internals @
categoriesphp
postedNov 5, '15 at 2:21p
activeNov 12, '15 at 1:46p
posts19
users8
websitephp.net

People

Translate

site design / logo © 2019 Grokbase