Edit report at https://bugs.php.net/bug.php?id=55475&edit=1
ID: 55475 Updated by: paj...@php.net Reported by: mads at gartneriet dot dk Summary: is_a() triggers autoloader Status: Assigned Type: Bug Package: Scripting Engine problem PHP Version: 5.3.7 Assigned To: dmitry Block user comment: N Private report: N New Comment: that's what I meant. Previous Comments: ------------------------------------------------------------------------ [2011-09-26 19:54:23] henri at nerv dot fi CVE already requested with A LOT of conversation: http://www.openwall.com/lists/oss-security/2011/09/24/2 ------------------------------------------------------------------------ [2011-09-26 19:45:05] paj...@php.net @cipri Please contact secur...@php.net prior to request a CVE, to avoid double requests or confusing information. or mark a bug as security issue so we will catch it (and the sec guys of the linux distro as well) :) ------------------------------------------------------------------------ [2011-09-26 19:38:53] togos00 at gmail dot com Even if the new behavior is not a bug, per se, it is definitely surprising. is_a( $string, $className ) returning true would imply that $string is an instance of $className, which obviously it is not, as it is a string and not even an object. Having a separate function such as is_subclass_of( $className1, $className2 ) has the dual benefits of being more intuitive and not breaking old code. ------------------------------------------------------------------------ [2011-09-25 09:32:25] ala...@php.net The following patch has been added/updated: Patch Name: is_a_with_warning.txt Revision: 1316943145 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=is_a_with_warning.txt&revision=1316943145 ------------------------------------------------------------------------ [2011-09-24 13:13:44] ci...@php.net Yes, I contacted the CVE yesterday to request a CVE-ID and I'll update it here as soon as I receive one. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55475 -- Edit this bug report at https://bugs.php.net/bug.php?id=55475&edit=1
