Yii2: protected function can still be called outside the class

Created on 29 May 2018  路  2Comments  路  Source: yiisoft/yii2

What steps will reproduce the problem?

Declare a class then extends BaseObject

class Sample extends \yii\base\BaseObject {
    private $_mode = 'mode';

    protected function getMode()
    {
        return $this->_mode;
    }
}

Now create new instance

$sample = new Sample();
echo $sample->mode;

// output:
// mode

Though you can't call the getMode() method directly but still I think this is an issue.

I think this is because how the __get($name) magic function works. When it checks if a method exists or not, it will return true because it has access to that method.

Additional info

| Q | A
| ---------------- | ---
| Yii version | 2.0.15.1
| PHP version | 5.6

ready for adoption bug
Source
picture vher2

Most helpful comment

I think it is BC. Some apps can use this by accident, for example.

picture dmirogin on 15 Jun 2018
👍4

All 2 comments

I think it is BC. Some apps can use this by accident, for example.

dmirogin picture dmirogin on 15 Jun 2018
👍4

Well, that is really a bug. If someone uses such behavior it's totally incorrect.

samdark picture samdark on 18 Jun 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Locustv2 picture Locustv2  路  3Comments
jpodpro picture jpodpro  路  3Comments
indicalabs picture indicalabs  路  3Comments
kminooie picture kminooie  路  3Comments
SamMousa picture SamMousa  路  3Comments