Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Private variable access on a AccessInterceptorValueHolderFactory proxy class throws an error #68

Closed
leedavis81 opened this issue Jul 1, 2013 · 8 comments · Fixed by #69
Milestone

Comments

@leedavis81
Copy link
Contributor

Whenever attempting to read / write to a private variable execution stops and an error is thrown.

Not entirely sure if you'd want to keep this behaviour, or possibly throw an exception?

Fatal error: Cannot access private property Foo::$privateProperty in {proxyclass} on line 107

Execution stops when attempting to set $foo->privateProperty = 'Baz';

<?php

require "vendor/autoload.php";


class Foo
{
    public $publicArray = array();
    public $publicProperty;

    protected $protectedArray = array();
    protected $protectedProperty;

    private $privateArray = array();
    private $privateProperty;

    public $referencedProperty;

    public function publicMethod($arg)
    {
        return $arg;
    }

    protected function protectedMethod($arg)
    {
        return $arg;
    }

    private function privateMethod($arg)
    {
        return $arg;
    }
}

$config = new \ProxyManager\Configuration();
$factory = new \ProxyManager\Factory\AccessInterceptorValueHolderFactory($config);

$foo = $factory->createProxy(
    new Foo()
);


echo '------------------------------' . PHP_EOL;
$foo->privateProperty = 'Baz';
var_dump($foo->privateProperty);

echo '------------------------------' . PHP_EOL;
$foo->publicProperty = 'Foo';
var_dump($foo->publicProperty);

echo '------------------------------' . PHP_EOL;
$foo->protectedProperty = 'Bar';
var_dump($foo->protectedProperty);
@Ocramius
Copy link
Owner

Ocramius commented Jul 1, 2013

@leedavis81 ProxyManager doesn't allow you to break OOP rules like that. It is expected to fail in case you access a private or protected property from the wrong scope ;)

@leedavis81
Copy link
Contributor Author

Protected property access works fine. But then I guess it would as the Proxy is an extension of the Foo class. I guess the question is should it? $foo->protectedProperty = 'Bar'; is being executed outside of the object scope, and works.

@Ocramius
Copy link
Owner

Ocramius commented Jul 1, 2013

@leedavis81 that shouldn't be possible/allowed. What's the snippet to access protected vars?

@leedavis81
Copy link
Contributor Author

It's at the last line of what's pasted above. Just remove the private property test to get to it

echo '------------------------------' . PHP_EOL;
$foo->privateProperty = 'Baz';
var_dump($foo->privateProperty);

@Ocramius
Copy link
Owner

Ocramius commented Jul 1, 2013

@leedavis81 good to know, I'll work on a fix, since this should not be possible

@Ocramius
Copy link
Owner

Ocramius commented Jul 1, 2013

Looks like the code generation for the various getters/setters was too simplistic here, and introduced a potential exploit (not a security issue fortunately). I'm working on it

@Ocramius
Copy link
Owner

Ocramius commented Jul 1, 2013

Provided a fix in #69 - will need to refactor some part of the library before merging, though, since complexity is adding up very fast because of these edge cases

@Ocramius
Copy link
Owner

Ocramius commented Jul 7, 2013

Closing, since #69 deals with this one

@Ocramius Ocramius closed this as completed Jul 7, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants