Attempts to call private/protected controller methods |
|||
|---|---|---|---|
| Date: | 08/02/2007 | Severity: | Minor |
| Status: | Bogus | Reporter: | Inquisitor |
| Version: | 1.5.4 | ||
| Keywords: | Libraries | ||
Description
CodeIgniter will attempt to call a controller method when it’s requested regardless of the access modifier on it (if running PHP 5).
This causes an error if the method happens to be private or protected, whereas it should just behave as if the method wasn’t found and display a 404.
Basically this is because method_exists() doesn’t check the access modifier of the method, returning true even if it’s private/protected.
This happens here (as far as I can see… possibly other places too):
CodeIgniter.php, line 203
CodeIgniter.php, line 209
Output.php, line 237
A good fix would just be to write a wrapper function which checks the modifiers also. Here’s an easy way of doing it:
http://uk2.php.net/manual/en/function.method-exists.php#65405
Code Sample
// Requested via /index.php/foo/bar
class Foo extends Controller
{
private function bar()
{
// Do stuff.
}
}
Expected Result
A 404 error.
Actual Result
call_user_func_array() [function.call-user-func-array]: First argument is expected to be a valid callback, ‘Foo::bar’ was given
Comment on Bug Report
| Posted by: Derek Allard on 7 August 2007 1:26pm | |
|
This isn’t a bug, CodeIgniter currently isn’t built to handle PHP5 only features such as private and public access modifiers, in an attempt to remain PHP 4 and 5 compatible. You can however use CodeIgniter to build private functions by preceeding the function with an underscore. |
