[php-maint] Bug#632194: Bug#632194: php5-common: var_export output data even with return=true

[Alexandre Leroy]

Thank you for such a quick reply.

The issue might be caused by debian/patches/CVE-2010-2531.patch (added 
in commit 2608046bb09fd7b2e2a8d72f2f167dae6ba0298e).
At line 84:
php_printf(" '%s' => ", prop_name);
might explain this output.

Regards,
Alex

On 06/30/2011 05:14 PM, Ondřej Surý wrote:
> I'll look into it tomorrow. Looks like some of the backported security
> patches has caused this regression.
>
> O.
>
> On Thu, Jun 30, 2011 at 15:28, Alexandre Leroy
> <alexandre.leroy at zslide.com>  wrote:
>> Package: php5-common
>> Version: 5.2.6.dfsg.1-1+lenny12
>> Severity: normal
>>
>>
>> This bug was introduced in 5.2.6.dfsg.1-1+lenny12
>> When using var_export on an object, its members will be output even when
>> requesting result to be returned.
>>
>> How to reproduce:
>>> $ cat test.php
>> <?php #coding: utf-8
>>
>> class MyClass {
>>
>>     private $value;
>> }
>>
>> $a = array('foo' =>  'bar',
>>            'fail' =>  new MyClass);
>>
>> var_export($a, true);
>> echo ".\n";
>>
>> Expected result:
>>> $ php test.php
>> .
>>
>> Actual result:
>>> $ php test.php
>>   'value' =>  .
>>
>> -- System Information:
>> Debian Release: 5.0.8
>>   APT prefers oldstable
>>   APT policy: (500, 'oldstable')
>> Architecture: amd64 (x86_64)
>>
>> Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/16 CPU cores)
>> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
>> Shell: /bin/sh linked to /bin/bash
>>
>> Versions of packages php5-common depends on:
>> ii  libc6                       2.7-18lenny7 GNU C Library: Shared libraries
>> ii  sed                         4.1.5-6      The GNU sed stream editor
>>
>> php5-common recommends no packages.
>>
>> php5-common suggests no packages.
>>
>> -- no debconf information
>>
>>
>>
>> _______________________________________________
>> pkg-php-maint mailing list
>> pkg-php-maint at lists.alioth.debian.org
>> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
>>