Skip to content

[HttpClient] and assumption about var_dump with PHP8.x #46881

New issue
New issue
Closed
Closed
[HttpClient] and assumption about var_dump with PHP8.x#46881
Labels
BugHttpClientStatus: Needs Review
@mentalstring

Description

@mentalstring
mentalstring
opened on Jul 7, 2022

Symfony version(s) affected

5.4 & others

Description

Some production setups set disable_functions to include var_dump (and exec, shell_exec, phpinfo, etc) for security purposes. This means that var_dump() may not be always be callable. This becomes relevant here:

symfony/src/Symfony/Component/HttpClient/HttpClientTrait.php

Lines 123 to 126 in 2633877

// Validate on_progress
if (!\is_callable($onProgress = $options['on_progress'] ?? 'var_dump')) {
throw new InvalidArgumentException(sprintf('Option "on_progress" must be callable, "%s" given.', get_debug_type($onProgress)));
}

The most common case is that on_progress is not set, so is_callable('var_dump') is the most common pattern.

This is a problem from PHP 8.0+ because the behaviour changed for is_callable('var_dump') when the function is disabled.

How to reproduce

$ # PHP 7.4
$ php -d'disable_functions=var_dump' -r 'var_export(is_callable("var_dump"));'
true

$ # PHP 8.0
$ php -d'disable_functions=var_dump' -r 'var_export(is_callable("var_dump"));'
false

Possible Solution

Perhaps switch var_dump to something innocuous like is_int?

Additional Context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugHttpClientStatus: Needs Review

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions