Bug #60362 [PATCH]: non-existent sub-sub keys should not have values
Edit report at https://bugs.php.net/bug.php?id=60362&edit=1 ID: 60362 Patch added by: ala...@php.net Reported by:danielc at analysisandsolutions dot com Summary:non-existent sub-sub keys should not have values Status: Open Type: Bug Package:Arrays related Operating System: linux PHP Version:5.4SVN-2011-11-23 (SVN) Block user comment: N Private report: N New Comment: The following patch has been added/updated: Patch Name: isset_changed_warning_only_on_access.patch Revision: 1324184882 URL: https://bugs.php.net/patch-display.php?bug=60362&patch=isset_changed_warning_only_on_access.patch&revision=1324184882 Previous Comments: [2011-12-05 07:34:36] ala...@php.net I don't think the error trigger on isset() will work, isset() is used to avoid the errors [2011-12-05 05:17:20] larue...@php.net The following patch has been added/updated: Patch Name: string_offset_trigger_notice.patch Revision: 1323062240 URL: https://bugs.php.net/patch-display.php?bug=60362&patch=string_offset_trigger_notice.patch&revision=1323062240 [2011-12-04 17:27:28] larue...@php.net submit a new patch, which only trigger notice when string offset cast occurred. [2011-12-04 17:26:41] larue...@php.net The following patch has been added/updated: Patch Name: string_offset_trigger_notice.patch Revision: 1323019601 URL: https://bugs.php.net/patch-display.php?bug=60362&patch=string_offset_trigger_notice.patch&revision=1323019601 [2011-12-04 16:43:41] larue...@php.net update patch, only change the code style, and fix one test faild, thanks The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=60362 -- Edit this bug report at https://bugs.php.net/bug.php?id=60362&edit=1
Bug #60362 [PATCH]: non-existent sub-sub keys should not have values
Edit report at https://bugs.php.net/bug.php?id=60362&edit=1 ID: 60362 Patch added by: ala...@php.net Reported by:danielc at analysisandsolutions dot com Summary:non-existent sub-sub keys should not have values Status: Closed Type: Bug Package:Arrays related Operating System: linux PHP Version:5.4SVN-2011-11-23 (SVN) Assigned To:stas Block user comment: N Private report: N New Comment: The following patch has been added/updated: Patch Name: fix_to_prevent_warning_on_isset_empty_for_55_and_a_half.patch Revision: 1324478042 URL: https://bugs.php.net/patch-display.php?bug=60362&patch=fix_to_prevent_warning_on_isset_empty_for_55_and_a_half.patch&revision=1324478042 Previous Comments: [2011-12-19 02:10:17] s...@php.net This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. For Windows: http://windows.php.net/snapshots/ Thank you for the report, and for helping us make PHP better. Applied patch making isset return false and access produce warning on invalid offsets. [2011-12-19 02:04:42] s...@php.net Automatic comment from SVN on behalf of stas Revision: http://svn.php.net/viewvc/?view=revision&revision=321145 Log: implement the solution for isset/string offsets, fix bug #60362 [2011-12-18 05:08:03] ala...@php.net The following patch has been added/updated: Patch Name: isset_changed_warning_only_on_access.patch Revision: 1324184882 URL: https://bugs.php.net/patch-display.php?bug=60362&patch=isset_changed_warning_only_on_access.patch&revision=1324184882 ---- [2011-12-05 07:34:36] ala...@php.net I don't think the error trigger on isset() will work, isset() is used to avoid the errors [2011-12-05 05:17:20] larue...@php.net The following patch has been added/updated: Patch Name: string_offset_trigger_notice.patch Revision: 1323062240 URL: https://bugs.php.net/patch-display.php?bug=60362&patch=string_offset_trigger_notice.patch&revision=1323062240 The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=60362 -- Edit this bug report at https://bugs.php.net/bug.php?id=60362&edit=1
Bug #55475 [PATCH]: is_a() triggers autoloader
Edit report at https://bugs.php.net/bug.php?id=55475&edit=1 ID: 55475 Patch added by: ala...@php.net Reported by:mads at gartneriet dot dk Summary:is_a() triggers autoloader Status: Assigned Type: Bug Package:Scripting Engine problem PHP Version:5.3.7 Assigned To:dmitry Block user comment: N Private report: N New Comment: The following patch has been added/updated: Patch Name: is_class_of.txt Revision: 1316553958 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=is_class_of.txt&revision=1316553958 Previous Comments: [2011-09-15 11:00:29] dmi...@php.net Reverted before the common decision. [2011-09-15 10:59:23] dmi...@php.net Automatic comment from SVN on behalf of dmitry Revision: http://svn.php.net/viewvc/?view=revision&revision=316811 Log: Reverted the fix for #55475 (is_a() triggers autoloader) before the common decision [2011-09-15 10:00:16] dmi...@php.net I've committed the revert.is_a.behaviour.to.ignoring.strings.diff by alan at akbkhome dot com into 5.3. 5.4 is going to support string argument. [2011-09-15 09:58:17] dmi...@php.net Automatic comment from SVN on behalf of dmitry Revision: http://svn.php.net/viewvc/?view=revision&revision=316810 Log: Fixed bug #55475 (is_a() triggers autoloader). (alan at akbkhome dot com) [2011-09-07 06:30:47] vchernoivan at gmail dot com I guess it is no use to argue if the behaviuor is correct or not, or how precise the manual is. Since IT IS BREAKING EXISTING CODE, for me, too. Before the change if (is_a($date,"DateTime")) return $date->format(...); /// some code handling datetime strings worked just fine. Now it triggers __autoload and results in completely broken page. For sure, personally I can change every piece of MY OWN code. But consider users of tons of PHP libraries! What do you think, how long will it take to update every piece of them? Vote for reverting to prior-5.7 behavior until 5.4 The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55475 -- Edit this bug report at https://bugs.php.net/bug.php?id=55475&edit=1
Bug #55475 [PATCH]: is_a() triggers autoloader
Edit report at https://bugs.php.net/bug.php?id=55475&edit=1 ID: 55475 Patch added by: ala...@php.net Reported by:mads at gartneriet dot dk Summary:is_a() triggers autoloader Status: Assigned Type: Bug Package:Scripting Engine problem PHP Version:5.3.7 Assigned To:dmitry Block user comment: N Private report: N New Comment: The following patch has been added/updated: Patch Name: is_class_of.diff Revision: 1316554378 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=is_class_of.diff&revision=1316554378 Previous Comments: [2011-09-20 21:30:06] ala...@php.net Attached now is a patch that fixes this by adding is_class_of Which behaves the same as is_subclass_of, (autoload/ accepts strings) It also fixes the documentation on is_subclass_of and reverts the behaviour of is_a Note: the is_a change is now a security bug as sending url's to is_a may trigger remote code execution now. Note: I'm not sure you can classify a 2-3 developers comments as the "common decision" there where objections to the original change from core developers, this patch gives everybody what they want -------- [2011-09-20 21:25:58] ala...@php.net The following patch has been added/updated: Patch Name: is_class_of.txt Revision: 1316553958 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=is_class_of.txt&revision=1316553958 [2011-09-15 11:00:29] dmi...@php.net Reverted before the common decision. [2011-09-15 10:59:23] dmi...@php.net Automatic comment from SVN on behalf of dmitry Revision: http://svn.php.net/viewvc/?view=revision&revision=316811 Log: Reverted the fix for #55475 (is_a() triggers autoloader) before the common decision [2011-09-15 10:00:16] dmi...@php.net I've committed the revert.is_a.behaviour.to.ignoring.strings.diff by alan at akbkhome dot com into 5.3. 5.4 is going to support string argument. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55475 -- Edit this bug report at https://bugs.php.net/bug.php?id=55475&edit=1
Bug #55475 [PATCH]: is_a() triggers autoloader
Edit report at https://bugs.php.net/bug.php?id=55475&edit=1 ID: 55475 Patch added by: ala...@php.net Reported by:mads at gartneriet dot dk Summary:is_a() triggers autoloader Status: Assigned Type: Bug Package:Scripting Engine problem PHP Version:5.3.7 Assigned To:dmitry Block user comment: N Private report: N New Comment: The following patch has been added/updated: Patch Name: Is_a_with_allow_string_argument Revision: 1316733848 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=Is_a_with_allow_string_argument&revision=1316733848 Previous Comments: [2011-09-20 21:32:58] ala...@php.net The following patch has been added/updated: Patch Name: is_class_of.diff Revision: 1316554378 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=is_class_of.diff&revision=1316554378 [2011-09-20 21:30:06] ala...@php.net Attached now is a patch that fixes this by adding is_class_of Which behaves the same as is_subclass_of, (autoload/ accepts strings) It also fixes the documentation on is_subclass_of and reverts the behaviour of is_a Note: the is_a change is now a security bug as sending url's to is_a may trigger remote code execution now. Note: I'm not sure you can classify a 2-3 developers comments as the "common decision" there where objections to the original change from core developers, this patch gives everybody what they want ------------ [2011-09-20 21:25:58] ala...@php.net The following patch has been added/updated: Patch Name: is_class_of.txt Revision: 1316553958 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=is_class_of.txt&revision=1316553958 [2011-09-15 11:00:29] dmi...@php.net Reverted before the common decision. [2011-09-15 10:59:23] dmi...@php.net Automatic comment from SVN on behalf of dmitry Revision: http://svn.php.net/viewvc/?view=revision&revision=316811 Log: Reverted the fix for #55475 (is_a() triggers autoloader) before the common decision The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55475 -- Edit this bug report at https://bugs.php.net/bug.php?id=55475&edit=1
Bug #55475 [PATCH]: is_a() triggers autoloader
Edit report at https://bugs.php.net/bug.php?id=55475&edit=1 ID: 55475 Patch added by: ala...@php.net Reported by:mads at gartneriet dot dk Summary:is_a() triggers autoloader Status: Assigned Type: Bug Package:Scripting Engine problem PHP Version:5.3.7 Assigned To:dmitry Block user comment: N Private report: N New Comment: The following patch has been added/updated: Patch Name: Is_a_with_allow_string_argument_v2 Revision: 1316733980 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=Is_a_with_allow_string_argument_v2&revision=1316733980 Previous Comments: [2011-09-22 23:24:08] ala...@php.net The following patch has been added/updated: Patch Name: Is_a_with_allow_string_argument Revision: 1316733848 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=Is_a_with_allow_string_argument&revision=1316733848 [2011-09-20 21:32:58] ala...@php.net The following patch has been added/updated: Patch Name: is_class_of.diff Revision: 1316554378 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=is_class_of.diff&revision=1316554378 -------- [2011-09-20 21:30:06] ala...@php.net Attached now is a patch that fixes this by adding is_class_of Which behaves the same as is_subclass_of, (autoload/ accepts strings) It also fixes the documentation on is_subclass_of and reverts the behaviour of is_a Note: the is_a change is now a security bug as sending url's to is_a may trigger remote code execution now. Note: I'm not sure you can classify a 2-3 developers comments as the "common decision" there where objections to the original change from core developers, this patch gives everybody what they want ------------ [2011-09-20 21:25:58] ala...@php.net The following patch has been added/updated: Patch Name: is_class_of.txt Revision: 1316553958 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=is_class_of.txt&revision=1316553958 [2011-09-15 11:00:29] dmi...@php.net Reverted before the common decision. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55475 -- Edit this bug report at https://bugs.php.net/bug.php?id=55475&edit=1
Bug #55475 [PATCH]: is_a() triggers autoloader
Edit report at https://bugs.php.net/bug.php?id=55475&edit=1 ID: 55475 Patch added by: ala...@php.net Reported by:mads at gartneriet dot dk Summary:is_a() triggers autoloader Status: Assigned Type: Bug Package:Scripting Engine problem PHP Version:5.3.7 Assigned To:dmitry Block user comment: N Private report: N New Comment: The following patch has been added/updated: Patch Name: Is_a_with_allow_string_argument_v3 Revision: 1316734303 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=Is_a_with_allow_string_argument_v3&revision=1316734303 Previous Comments: [2011-09-22 23:26:20] ala...@php.net The following patch has been added/updated: Patch Name: Is_a_with_allow_string_argument_v2 Revision: 1316733980 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=Is_a_with_allow_string_argument_v2&revision=1316733980 [2011-09-22 23:24:08] ala...@php.net The following patch has been added/updated: Patch Name: Is_a_with_allow_string_argument Revision: 1316733848 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=Is_a_with_allow_string_argument&revision=1316733848 -------- [2011-09-20 21:32:58] ala...@php.net The following patch has been added/updated: Patch Name: is_class_of.diff Revision: 1316554378 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=is_class_of.diff&revision=1316554378 -------- [2011-09-20 21:30:06] ala...@php.net Attached now is a patch that fixes this by adding is_class_of Which behaves the same as is_subclass_of, (autoload/ accepts strings) It also fixes the documentation on is_subclass_of and reverts the behaviour of is_a Note: the is_a change is now a security bug as sending url's to is_a may trigger remote code execution now. Note: I'm not sure you can classify a 2-3 developers comments as the "common decision" there where objections to the original change from core developers, this patch gives everybody what they want ------------ [2011-09-20 21:25:58] ala...@php.net The following patch has been added/updated: Patch Name: is_class_of.txt Revision: 1316553958 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=is_class_of.txt&revision=1316553958 The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55475 -- Edit this bug report at https://bugs.php.net/bug.php?id=55475&edit=1
Bug #55475 [PATCH]: is_a() triggers autoloader
Edit report at https://bugs.php.net/bug.php?id=55475&edit=1 ID: 55475 Patch added by: ala...@php.net Reported by:mads at gartneriet dot dk Summary:is_a() triggers autoloader Status: Assigned Type: Bug Package:Scripting Engine problem PHP Version:5.3.7 Assigned To:dmitry Block user comment: N Private report: N New Comment: The following patch has been added/updated: Patch Name: is_a_with_warning.txt Revision: 1316943145 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=is_a_with_warning.txt&revision=1316943145 Previous Comments: [2011-09-24 13:13:44] ci...@php.net Yes, I contacted the CVE yesterday to request a CVE-ID and I'll update it here as soon as I receive one. [2011-09-24 09:22:04] henri at nerv dot fi Has someone requested CVE-identifier for this issue? I can do it if not. [2011-09-23 09:51:51] ras...@php.net Automatic comment from SVN on behalf of rasmus Revision: http://svn.php.net/viewvc/?view=revision&revision=317183 Log: Re-committing Alan's is_a revert/fix for bug #55475 Dmitry had done so earlier, but reverted pending discussion. It is completely clear that this should never have been changed in the 5.3 branch in the first place giving the number of things that broke because of it. ---- [2011-09-22 23:31:43] ala...@php.net The following patch has been added/updated: Patch Name: Is_a_with_allow_string_argument_v3 Revision: 1316734303 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=Is_a_with_allow_string_argument_v3&revision=1316734303 ---- [2011-09-22 23:26:20] ala...@php.net The following patch has been added/updated: Patch Name: Is_a_with_allow_string_argument_v2 Revision: 1316733980 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=Is_a_with_allow_string_argument_v2&revision=1316733980 The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55475 -- Edit this bug report at https://bugs.php.net/bug.php?id=55475&edit=1
Bug #55475 [PATCH]: is_a() triggers autoloader
Edit report at https://bugs.php.net/bug.php?id=55475&edit=1 ID: 55475 Patch added by: ala...@php.net Reported by:mads at gartneriet dot dk Summary:is_a() triggers autoloader Status: Assigned Type: Bug Package:Scripting Engine problem PHP Version:5.3.7 Assigned To:dmitry Block user comment: N Private report: N CVE-ID: 2011-3379 New Comment: The following patch has been added/updated: Patch Name: final_patch_for_5_4_and_HEAD Revision: 1318491419 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=final_patch_for_5_4_and_HEAD&revision=1318491419 Previous Comments: [2011-10-03 07:30:43] ala...@php.net Any comments on 5.4.* It seems like applying the 5.3 fix to 5.4 is the only option here, as there is no 'reasonable' way to flag the previous behavior as E_DEPRECIATED that works well as both forward and backward compatible. [2011-09-27 18:36:55] paj...@php.net Add CVE # [2011-09-27 09:35:31] ala...@php.net Automatic comment from SVN on behalf of alan_k Revision: http://svn.php.net/viewvc/?view=revision&revision=317382 Log: document fix for #55475 in NEWS [2011-09-26 19:57:09] paj...@php.net that's what I meant. [2011-09-26 19:54:23] henri at nerv dot fi CVE already requested with A LOT of conversation: http://www.openwall.com/lists/oss-security/2011/09/24/2 The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55475 -- Edit this bug report at https://bugs.php.net/bug.php?id=55475&edit=1
Bug #55475 [PATCH]: is_a() triggers autoloader
Edit report at https://bugs.php.net/bug.php?id=55475&edit=1 ID: 55475 Patch added by: ala...@php.net Reported by:mads at gartneriet dot dk Summary:is_a() triggers autoloader Status: Assigned Type: Bug Package:Scripting Engine problem PHP Version:5.3.7 Assigned To:dmitry Block user comment: N Private report: N CVE-ID: 2011-3379 New Comment: The following patch has been added/updated: Patch Name: final_patch_for_5_4_and_HEAD_v2 Revision: 1320744263 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=final_patch_for_5_4_and_HEAD_v2&revision=1320744263 Previous Comments: [2011-10-13 07:36:59] ala...@php.net The following patch has been added/updated: Patch Name: final_patch_for_5_4_and_HEAD Revision: 1318491419 URL: https://bugs.php.net/patch-display.php?bug=55475&patch=final_patch_for_5_4_and_HEAD&revision=1318491419 [2011-10-03 07:30:43] ala...@php.net Any comments on 5.4.* It seems like applying the 5.3 fix to 5.4 is the only option here, as there is no 'reasonable' way to flag the previous behavior as E_DEPRECIATED that works well as both forward and backward compatible. [2011-09-27 18:36:55] paj...@php.net Add CVE # ---- [2011-09-27 09:35:31] ala...@php.net Automatic comment from SVN on behalf of alan_k Revision: http://svn.php.net/viewvc/?view=revision&revision=317382 Log: document fix for #55475 in NEWS [2011-09-26 19:57:09] paj...@php.net that's what I meant. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55475 -- Edit this bug report at https://bugs.php.net/bug.php?id=55475&edit=1
