On 5 November 2015 at 14:59, Rowan Collins <rowan.coll...@gmail.com> wrote:
> > PHP uses null bytes quite a lot to produce deliberately illegal > identifiers. For instance the old eval-like create_function() [e.g. > https://3v4l.org/hqHjh] and the serialization of private members [e.g. > https://3v4l.org/R6Y6k] > > In this case, I guess the "@" in "class@anonymous" makes the name illegal > anyway, but I'm not sold on the null byte being more unacceptable here than > anywhere else. > > Regards, > > -- > Rowan Collins > [IMSoP] > > That doesn't mean it's a good approach (*cough* namespaces *cough*), and these bits of "magic" are supposed to be hidden away from users. I'm guessing in this particular instance, the point of the null is to make string operations cut off after "anonymous", however string operations that respect the zval string length aren't going to do this. e.g. var_dump() the class name is put through sprintf and it cuts off at the null, but get_class or ReflectionClass::getName() just returns the original string, and exposes the implementation details.
