Edit report at https://bugs.php.net/bug.php?id=52428&edit=1
ID: 52428
Comment by: stelian dot mocanita at gmail dot com
Reported by: tyra3l at gmail dot com
Summary: $this isn't immutable
Status: Not a bug
Type: Bug
Package: Scripting Engine problem
Operating System: all
PHP Version: 5.3.3
Block user comment: N
Private report: N
New Comment:
I strongly disagree with this not being a bug. I came across some old code
where
I had $this->object out of a class context and it took me a lot of hours to
track and still did not get to the bottom of it.
More than that, this is lacking consistency. It can't allow me to assign a
value
to $this using globals / variable variables and not allow me to assign it a
value otherwise.
As far as I see it it's either: $this can be overwritten by any assignation
method in php or it can't be overwritten at all. Allowing people to shoot
themselves is a bad practice and it leads to shooting someone.
Thank you,
Stelian
Previous Comments:
------------------------------------------------------------------------
[2010-07-26 11:30:33] tyra3l at gmail dot com
There was some reason for this check to be placed.
My problem with this behaviour that the
$bar = 'baz';
should work the same as
$foo='bar';$$foo = 'baz';
and same for the $foo vs $GLOBALS['foo']
Tyrael
------------------------------------------------------------------------
[2010-07-26 11:20:33] degeb...@php.net
@dagdamor10: This has nothing to do with exploits at all. It poses no security
risk being able to modify the $this variable by circumventing the simple check
that is implemented.
------------------------------------------------------------------------
[2010-07-26 10:51:25] tyra3l at gmail dot com
"what about abolishing everything related to safe_mode"
safe_mode has been DEPRECATED as of PHP 5.3.0. and will be removed with the
next
major php version.
Tyrael
------------------------------------------------------------------------
[2010-07-26 10:32:24] dagdamor10 at mail dot ru
>> If you want you can shoot yourself in your head.
Okay, that was plain rude.
PHP *should* protect websites from possible exploits, what about abolishing
everything related to safe_mode, allowed paths and such? To make a good site,
people need good programming language... and good programming language should
be accurate in range-checking, resource-protecting etc, instead of leaving all
that to every programmer who decide to use it.
------------------------------------------------------------------------
[2010-07-25 18:50:52] tyra3l at gmail dot com
Thanks for the clarification.
Did I something wrong in the report, or you just copypasted the "Thank you for
taking the time to write to us..." part of your comment?
Maybe it would be a good thing to add this conclusion to the documentation
(reassigning this isn't allowed, because ..., if you try it, it will give you
an
error "Cannot re-assign this..." [if you really need this, you can do...])
Tyrael
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=52428
--
Edit this bug report at https://bugs.php.net/bug.php?id=52428&edit=1
