Hi!

> Just a simple use case showing how dangerous that is :
> 
> <?php
> $p = function($p) { $this->$p = new Stdclass; };
> $p->call($e = new Exception, 'trace');
> throw $e;

Yes, this is not good, and this is the consequence of allowing to rebind
closures. I'm not sure though how to fix it except for banning closures
from assuming scope of internal classes. If you assigned the scope of
Exception to it, it should have access to Exception - that's how the
scope works.

> For User classes, this could lead to information leaks or bad behaviors,

I'm not sure what you mean by "information leaks", but the behavior is
on whoever wrote that code. People can write bad code, we can't disallow
this. We can restrict things that would really break (like segfault) but
I'm not sure what else we can do here. If you have the scope of the
class, that implies access to the private members of the class. So we
either have to not let the closure have the scope, or invent some
additional term of scope' that is not like real scope. I don't think
it'd be good.

-- 
Stas Malyshev
smalys...@gmail.com

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to