Edit report at https://bugs.php.net/bug.php?id=55475&edit=1
ID: 55475 Updated by: paj...@php.net Reported by: mads at gartneriet dot dk Summary: is_a() triggers autoloader Status: Assigned Type: Bug Package: Scripting Engine problem PHP Version: 5.3.7 Assigned To: dmitry Block user comment: N Private report: N -CVE-ID: +CVE-ID: 2011-3379 New Comment: Add CVE # Previous Comments: ------------------------------------------------------------------------ [2011-09-27 09:35:31] ala...@php.net Automatic comment from SVN on behalf of alan_k Revision: http://svn.php.net/viewvc/?view=revision&revision=317382 Log: document fix for #55475 in NEWS ------------------------------------------------------------------------ [2011-09-26 19:57:09] paj...@php.net that's what I meant. ------------------------------------------------------------------------ [2011-09-26 19:54:23] henri at nerv dot fi CVE already requested with A LOT of conversation: http://www.openwall.com/lists/oss-security/2011/09/24/2 ------------------------------------------------------------------------ [2011-09-26 19:45:05] paj...@php.net @cipri Please contact secur...@php.net prior to request a CVE, to avoid double requests or confusing information. or mark a bug as security issue so we will catch it (and the sec guys of the linux distro as well) :) ------------------------------------------------------------------------ [2011-09-26 19:38:53] togos00 at gmail dot com Even if the new behavior is not a bug, per se, it is definitely surprising. is_a( $string, $className ) returning true would imply that $string is an instance of $className, which obviously it is not, as it is a string and not even an object. Having a separate function such as is_subclass_of( $className1, $className2 ) has the dual benefits of being more intuitive and not breaking old code. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55475 -- Edit this bug report at https://bugs.php.net/bug.php?id=55475&edit=1
