Hi all,
On Fri, Mar 27, 2015 at 11:57 AM, Xinchen Hui <larue...@php.net> wrote:
> On Fri, Mar 27, 2015 at 3:06 AM, Kalle Sommer Nielsen <ka...@php.net>
> wrote:
> > Forgot to CC list
> >
> >
> > ---------- Forwarded message ----------
> > From: Kalle Sommer Nielsen <ka...@php.net>
> > Date: 2015-03-26 20:06 GMT+01:00
> > Subject: Re: [PHP-DEV] is_callable and function_exists with
> disable_functions
> > To: Remi Collet <r...@fedoraproject.org>
> >
> >
> > 2015-03-26 16:32 GMT+01:00 Remi Collet <r...@fedoraproject.org>:
> >>> do you mind if I change the current behavior of is_callable , to
> >>> return false on this case?
> >>
> >> Make sense
> >>
> >>> or, at least, change function_exists's behavior instead?
> >>
> >> Seems a bad idea.
> >
> > I agree with both points here, I think is_callable() should mimic
> > function_exists() behavior, is this the same case for disable_classes?
> >
> yeah. but a little bit different
>
> class_exists return trun with disabled classes :<
>
> $ sapi/cli/php -d disable_classes=ArrayObject -r
> "var_dump(class_exists('arrayobject')); new ArrayObject(); "
> bool(true)
> PHP Warning: ArrayObject() has been disabled for security reasons in
> Command line code on line 1
>
> Warning: ArrayObject() has been disabled for security reasons in
> Command line code on line 1
Returning true for is_callable/class_exists even when it isn't usable does
not make much sense. How about fix them all?
Regards,
--
Yasuo Ohgaki
yohg...@ohgaki.net
