Edit report at https://bugs.php.net/bug.php?id=55475&edit=1
ID: 55475 Updated by: paj...@php.net Reported by: mads at gartneriet dot dk Summary: is_a() triggers autoloader Status: Assigned Type: Bug Package: Scripting Engine problem PHP Version: 5.3.7 Assigned To: dmitry Block user comment: N Private report: N New Comment: @cipri Please contact secur...@php.net prior to request a CVE, to avoid double requests or confusing information. or mark a bug as security issue so we will catch it (and the sec guys of the linux distro as well) :) Previous Comments: ------------------------------------------------------------------------ [2011-09-26 19:38:53] togos00 at gmail dot com Even if the new behavior is not a bug, per se, it is definitely surprising. is_a( $string, $className ) returning true would imply that $string is an instance of $className, which obviously it is not, as it is a string and not even an object. Having a separate function such as is_subclass_of( $className1, $className2 ) has the dual benefits of being more intuitive and not breaking old code. ------------------------------------------------------------------------ [2011-09-25 09:32:25] ala...@php.net The following patch has been added/updated: Patch Name: is_a_with_warning.txt Revision: 1316943145 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=is_a_with_warning.txt&revision=1316943145 ------------------------------------------------------------------------ [2011-09-24 13:13:44] ci...@php.net Yes, I contacted the CVE yesterday to request a CVE-ID and I'll update it here as soon as I receive one. ------------------------------------------------------------------------ [2011-09-24 09:22:04] henri at nerv dot fi Has someone requested CVE-identifier for this issue? I can do it if not. ------------------------------------------------------------------------ [2011-09-23 09:51:51] ras...@php.net Automatic comment from SVN on behalf of rasmus Revision: http://svn.php.net/viewvc/?view=revision&revision=317183 Log: Re-committing Alan's is_a revert/fix for bug #55475 Dmitry had done so earlier, but reverted pending discussion. It is completely clear that this should never have been changed in the 5.3 branch in the first place giving the number of things that broke because of it. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55475 -- Edit this bug report at https://bugs.php.net/bug.php?id=55475&edit=1
