From:
Operating system: Mac OS X
PHP version: 5.3.6
Package: Class/Object related
Bug Type: Bug
Bug description: Static private and static protected properties have a backdoor.
Description:
------------
I use a static private property in one of my classes, so objects in that
class can track data, while keeping it away from other parts of the script.
However, I found you can exploit a backdoor to reach the property from
places that should be outside the property's visibility, by using variable
variables. Upon further testing, I found the same backdoor exists for
static protected properties. Using this backdoor, you can get or set the
property's value.
Non-static properties seem to be unaffected by this bug.
It doesn't seem particularly dangerous, but I thought I'd report it just
the same.
Test script:
---------------
<?php
class exampleclass {
    private static $staticprivate = "test #0";
    protected static $staticprotected = "test #1";
    private $private = "test #2";
    protected $protected = "test #3";
}

$test0 = "\0exampleclass\0staticprivate";
$test1 = "\0*\0staticprotected";
$test2 = "\0exampleclass\0private";
$test3 = "\0*\0protected";
$object = new exampleclass;

echo exampleclass::$$test0; // test #0
echo exampleclass::$$test1; // test #1
echo $object->$test2; // <b>Fatal error</b>: Cannot access property started with '\0' in ...
echo $object->$test3; // <b>Fatal error</b>: Cannot access property started with '\0' in ...
echo $object->{"\0*\0private"}; // <b>Fatal error</b>: Cannot access property started with '\0' in ...
echo $object->{"\0*\0protected"}; // <b>Fatal error</b>: Cannot access property started with '\0' in ...
Expected result:
----------------
All six echo()s should cause a fatal error.
Actual result:
--------------
Only the last four echo()s cause a fatal error.
--
Edit bug report at https://bugs.php.net/bug.php?id=55449&edit=1
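
A guard for code that resolves static property names at run time, added here as an example and not part of the original report: it rejects the NUL-prefixed names used in the test script and allows only declared public static properties. `ExampleClass` and `safeStaticGet()` are hypothetical names chosen for illustration.

```php
<?php
// Added example, not from the bug report. ExampleClass and safeStaticGet() are hypothetical.
class ExampleClass {
    public static $label = "public value";
    private static $staticPrivate = "test #0";
    protected static $staticProtected = "test #1";
}

// Read a static property whose name is only known at run time.
function safeStaticGet($class, $name)
{
    // The names in the report start with a NUL byte ("\0Class\0prop", "\0*\0prop").
    // No legitimate caller needs a NUL in a property name, so refuse it outright.
    if (!is_string($name) || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('property name contains a NUL byte');
    }
    // Accept only what PHP itself allows as a declared identifier.
    if (!preg_match('/^[A-Za-z_\x7f-\xff][A-Za-z0-9_\x7f-\xff]*$/', $name)) {
        throw new InvalidArgumentException('property name is not a valid identifier');
    }
    // Check the declared visibility explicitly instead of relying on the engine.
    $prop = new ReflectionProperty($class, $name); // throws if the property is undeclared
    if (!$prop->isStatic() || !$prop->isPublic()) {
        throw new LogicException('property is not a public static property');
    }
    return $prop->getValue();
}

// Constructed inputs: one legitimate name, the two name shapes from the
// report, a plain private name and an undeclared name.
$candidates = array(
    'label',
    "\0ExampleClass\0staticPrivate",
    "\0*\0staticProtected",
    'staticPrivate',
    'undeclared',
);
foreach ($candidates as $name) {
    $shown = addcslashes($name, "\0..\37"); // make control bytes visible
    try {
        echo $shown, ' => ', safeStaticGet('ExampleClass', $name), "\n";
    } catch (Exception $e) {
        echo $shown, ' => rejected: ', $e->getMessage(), "\n";
    }
}
```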