Closed
Description
Symfony version(s) affected: 5.1.0
Description
VarCloner::cloneVar fails when cloning $GLOBALS, if $GLOBALS is used in spl_autoload_register callback.
This happens because VarCloner::cloneVar replaces $GLOBALS with an instance of Symfony\Component\VarDumper\Cloner\Stub. $GLOBALS is returned to the original array, once the method execution ends.
Normally, this is not an issue, because third-party code does not execute between this period. But if $GLOBALS is used in an autoload handler, the the handler may be invoked before $GLOBALS can be reset to its original value.
How to reproduce
Example 1: Minimal Reproducible Example
<?php
use Symfony\Component\VarDumper\Caster\Caster;
use Symfony\Component\VarDumper\Cloner\VarCloner;
include __DIR__ . '/../vendor/autoload.php';
spl_autoload_register(function ($class) {
if (isset($GLOBALS['SOME_GLOBAL_VARIABLE'])) {}
return false;
}, false, true);
$cloner = new VarCloner();
$cloneVar = $cloner->cloneVar($GLOBALS, Caster::EXCLUDE_VERBOSE);Example 2
I am getting the error with Whoops error handler, which uses symfony var dumper.
<?php
use Whoops\Handler\PrettyPageHandler;
use Whoops\Run;
include __DIR__ . '/../vendor/autoload.php';
spl_autoload_register(function ($class) {
if (empty($GLOBALS['__composer_autoload_files'])) {
}
}, false, true);
$whoops = new Run();
$whoops->pushHandler(new PrettyPageHandler());
$whoops->register();
try {
$db = new \PDO('mysql:dbname=testdb;host=127.0.0.1');
} catch (\Exception $e) {
}
// Trigger Whoops Handler
echo $undefined_variable;Possible Solution
Additional context