Quote:
Originally Posted by Wildhoney
What is your intention? To attempt to break PHP? I think PHP will break you before you break PHP.
|
This calls for #46156:
http://bugs.php.net/bug.php?id=46156
As for the replies;
Salathe, __FILE__ etc. is actually not constants, they are tokens and replaced at compile time:
PHP Code:
<?php
class A
{
public function b()
{
$this instanceof __CLASS__;
}
}
?>
PHP will find the following tokens here (without the whitespace):
Code:
T_OPEN_TAG
T_CLASS
T_STRING
'{'
T_PUBLIC
T_FUNCTION
T_STRING
'('
')'
'{'
T_VARIABLE
T_INSTANCEOF
--> T_CLASS_C <--
';'
'}'
'}'
T_CLOSE_TAG
Because __CLASS__ here is a special (magic) compile time constant, you don't need to instanciate A and then call b to trigger this, simply run the script and PHP will give you an E_COMPILE_ERROR (I think it is) saying T_STRING, T_VARIABLE or $ is expected.
But for the "bug" itself, it comes from the bitwise operator and how ASCII characters are used in those operations. The expression you write:
PHP Code:
'[' . $_SERVER['SERVER_SOFTWARE'] . '] [' . basename(__file__) . '] [' . (string)$Str_CalledFunction . '] [' . __line__ . '] [' . mysql_error() | -9999 . false . null . ThisIsNotAVariable . '].'
Will looks like this when all is concated before the bitwise OR operator is used:
PHP Code:
'[Apache/2.2.11 (Win32) PHP/5.3.0RC2-dev] [test.php] [] [6] [' . | . '-9999ThisIsNotAVariable]';
I'm not totally into bitwise operations and ASCII and how the 'weird' characters comes into the picture, but I'm sure it has a logical explanation =)