Hi! > Just a simple use case showing how dangerous that is : > > <?php > $p = function($p) { $this->$p = new Stdclass; }; > $p->call($e = new Exception, 'trace'); > throw $e;
Yes, this is not good, and this is the consequence of allowing to rebind closures. I'm not sure though how to fix it except for banning closures from assuming scope of internal classes. If you assigned the scope of Exception to it, it should have access to Exception - that's how the scope works. > For User classes, this could lead to information leaks or bad behaviors, I'm not sure what you mean by "information leaks", but the behavior is on whoever wrote that code. People can write bad code, we can't disallow this. We can restrict things that would really break (like segfault) but I'm not sure what else we can do here. If you have the scope of the class, that implies access to the private members of the class. So we either have to not let the closure have the scope, or invent some additional term of scope' that is not like real scope. I don't think it'd be good. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php