Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:85873 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 2870 invoked from network); 19 Apr 2015 22:21:13 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Apr 2015 22:21:13 -0000 Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.171 as permitted sender) X-PHP-List-Original-Sender: smalyshev@gmail.com X-Host-Fingerprint: 209.85.192.171 mail-pd0-f171.google.com Received: from [209.85.192.171] ([209.85.192.171:33817] helo=mail-pd0-f171.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 2C/70-34018-95A24355 for ; Sun, 19 Apr 2015 18:21:13 -0400 Received: by pdbqa5 with SMTP id qa5so188138020pdb.1 for ; Sun, 19 Apr 2015 15:21:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=MBsKpdtpuAtG75noS8kb55jIjCgsJkz7npmPwg+O7wk=; b=sUh+XorUmpdxZkuM40Z2Y07NI0xRtt/3vx+6XfDM5XA5GfdjXldbq9Di64DnVYMpyq qRGbfmJ+Gf/Jwl9CTEyvJHA8z9rvf1rZ+W/p1+gmulRXDCDksha96tQx+aPEAY9zaF+y la+PK1N4xRUGqym0nTnZhHfYWWXOtEWxU+jhPKrisKj9SE9rda1aMpZwZHO2lYVUgIrA KCsxFe5+tdhZO9yPakUaDu5xaWQTxR/RWHSBgR0CI5UmRiJcKkBVGWHZ8wzJbJ73qE5Z LcuX4c3MHiXaoHXUG5yj/ijyWYPZua265lMBJaorMOkUZ9NZO5xUN5F4dNmTUiMSQgLp WPMA== X-Received: by 10.68.204.227 with SMTP id lb3mr12157969pbc.99.1429482069869; Sun, 19 Apr 2015 15:21:09 -0700 (PDT) Received: from Stas-Air.local (108-66-6-48.lightspeed.sntcca.sbcglobal.net. [108.66.6.48]) by mx.google.com with ESMTPSA id c8sm16118881pdj.65.2015.04.19.15.21.08 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 19 Apr 2015 15:21:09 -0700 (PDT) Message-ID: <55342A50.9030100@gmail.com> Date: Sun, 19 Apr 2015 15:21:04 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-Version: 1.0 To: Julien Pauli , Andrew Faulds , PHP Internals References: In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] Closure::call() to access private data, really ? From: smalyshev@gmail.com (Stanislav Malyshev) Hi! > Just a simple use case showing how dangerous that is : > > $p = function($p) { $this->$p = new Stdclass; }; > $p->call($e = new Exception, 'trace'); > throw $e; Yes, this is not good, and this is the consequence of allowing to rebind closures. I'm not sure though how to fix it except for banning closures from assuming scope of internal classes. If you assigned the scope of Exception to it, it should have access to Exception - that's how the scope works. > For User classes, this could lead to information leaks or bad behaviors, I'm not sure what you mean by "information leaks", but the behavior is on whoever wrote that code. People can write bad code, we can't disallow this. We can restrict things that would really break (like segfault) but I'm not sure what else we can do here. If you have the scope of the class, that implies access to the private members of the class. So we either have to not let the closure have the scope, or invent some additional term of scope' that is not like real scope. I don't think it'd be good. -- Stas Malyshev smalyshev@gmail.com