Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:89096 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 16080 invoked from network); 6 Nov 2015 13:25:48 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 6 Nov 2015 13:25:48 -0000 Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.162 cause and error) X-PHP-List-Original-Sender: me@kelunik.com X-Host-Fingerprint: 81.169.146.162 mo4-p00-ob.smtp.rzone.de Received: from [81.169.146.162] ([81.169.146.162:25257] helo=mo4-p00-ob.smtp.rzone.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id BD/01-06223-75AAC365 for ; Fri, 06 Nov 2015 08:25:44 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1446816340; l=3840; s=domk; d=kelunik.com; h=Content-Type:Cc:To:From:Subject:Date:References:In-Reply-To: MIME-Version; bh=d8TLrKdmTfOpItOYAFhFuSPf0eI8k6+bnpkRloKnlEQ=; b=JGNEEkRdKtrkmnpYJoQer9UKVzkYShaRd7YSawUTaK2K10ebrT/OW2gtI3C9aq6iJdH 2cnImfxLePerYy54Y182j4vLDFFWszwCJbml9WPFN5DLZapLqZMfT15uxhXY0O/B1eIvV DWft8jQGfzBE74YkXCbatJBY4ywVaxX3o+Y= X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mls2vWuiu+7SLDup6E67mzuoNNBqD/spI= X-RZG-CLASS-ID: mo00 Received: from mail-wi0-f172.google.com ([209.85.212.172]) by smtp.strato.de (RZmta 37.14 AUTH) with ESMTPSA id 60682arA6DPeF6n (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (curve secp384r1 with 384 ECDH bits, eq. 7680 bits RSA)) (Client did not present a certificate) for ; Fri, 6 Nov 2015 14:25:40 +0100 (CET) Received: by wicll6 with SMTP id ll6so30081034wic.0 for ; Fri, 06 Nov 2015 05:25:40 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.194.47.244 with SMTP id g20mr16813584wjn.124.1446816340558; Fri, 06 Nov 2015 05:25:40 -0800 (PST) Received: by 10.194.2.171 with HTTP; Fri, 6 Nov 2015 05:25:40 -0800 (PST) In-Reply-To: References: <563B6ED1.1030601@gmail.com> Date: Fri, 6 Nov 2015 14:25:40 +0100 X-Gmail-Original-Message-ID: Message-ID: To: Leigh , Bob Weinand Cc: Rowan Collins , PHP Internals , krakjoe@php.net Content-Type: multipart/alternative; boundary=047d7b86ca7808d03d0523df2e46 Subject: Re: [PHP-DEV] Null bytes in anonymous class names From: me@kelunik.com (Niklas Keller) --047d7b86ca7808d03d0523df2e46 Content-Type: text/plain; charset=UTF-8 Problem is that e.g. exception to string casts do not handle it properly, there may be other affected areas. https://3v4l.org/e9AGZ Regards, Niklas 2015-11-05 16:14 GMT+01:00 Leigh : > On 5 November 2015 at 14:59, Rowan Collins > wrote: > > > > > PHP uses null bytes quite a lot to produce deliberately illegal > > identifiers. For instance the old eval-like create_function() [e.g. > > https://3v4l.org/hqHjh] and the serialization of private members [e.g. > > https://3v4l.org/R6Y6k] > > > > In this case, I guess the "@" in "class@anonymous" makes the name > illegal > > anyway, but I'm not sold on the null byte being more unacceptable here > than > > anywhere else. > > > > Regards, > > > > -- > > Rowan Collins > > [IMSoP] > > > > That doesn't mean it's a good approach (*cough* namespaces *cough*), and > these bits of "magic" are supposed to be hidden away from users. I'm > guessing in this particular instance, the point of the null is to make > string operations cut off after "anonymous", however string operations that > respect the zval string length aren't going to do this. > > e.g. var_dump() the class name is put through sprintf and it cuts off at > the null, but get_class or ReflectionClass::getName() just returns the > original string, and exposes the implementation details. > --047d7b86ca7808d03d0523df2e46--