Upgrading PHP to 7.0.6 can crash your scripts
After updating PHP to version 7.0.6 many users have noticed problem with their websites that no longer working in some cases. After detailed examination we can see the problem occurs with some scripts and code. The reason is a few major issues that were fixed in 7.0.6 and which can affect your scripts or framework code.
This article originally was written in Russian by Albert Stepantsev for Habrahabr portal and once I found it I thought it worth to share this information with the rest of the community and here is my translation in English. I hope it will save your time. So, here we go.
Which bugs were fixed in PHP 7.0.6?
Testing example:
The most laconically example can be taken from the description of latest founded bug www.pastebucket.com/97499 in original)
class Test
{
protected $attributes = [
'attribute1' => 'value1',
];
public function __get($name)
{
print "GET\n";
if (array_key_exists($name, $this->attributes)) {
return $this->attributes[$name];
}
trigger_error("Property $name does not exist");
return null;
}
public function __isset($name)
{
print "ISSET\n";
return array_key_exists($name, $this->attributes);
}
}
$obj = new Test();
var_dump($obj->attribute1 ?? 'default');
//GET
//string(6) "value1"
var_dump($obj->attribute2 ?? 'default');
//GET
//PHP Notice: Property attribute2 does not exist in /var/www/html/test.php on line 23
//string(7) "default"
Is there something easier? Yes.
In some cases you can use the isset()
and empty()
language constructions without the call of magical isset()
method in class, but call get()
directly and decision can be taken on returned result.
Now it’s fixed. It is hoped that __isset()
will be called first in all cases of using isset()
or empty()
on “magical” behavior or “magical” keys of ArrayAccess array variable-object.
How it threatens me personally?
If there is a get()
method in your class, but no isset()
method, your code will be “broken”. Therefore in all such cases isset()
will always return false
and empty() === true
.
Solutions?
I would prefer to downgrade PHP to 7.0.5 and make code refactoring. I doubt there are lot of places in your scripts where is get()
, but no isset()
. Would be good to add a rule in your code analyzer and deny commit of such toxic code afterwards.
About author
Eugene has been a part of and worked in many of the web development roles over the years, taking on various projects. At the present moment, he is involved as a team manager working inside his personal projects. This blog is specifically dedicated to start-up businesses, team management, and how to maximize your success with Open Source ideology.