Skip to content

[HttpClient] and assumption about var_dump with PHP8.x #46881

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mentalstring opened this issue Jul 7, 2022 · 1 comment
Closed

[HttpClient] and assumption about var_dump with PHP8.x #46881

mentalstring opened this issue Jul 7, 2022 · 1 comment
Labels
Bug HttpClient Status: Needs Review

Comments

@mentalstring
Copy link

mentalstring commented Jul 7, 2022
edited
Loading

Symfony version(s) affected

5.4 & others

Description

Some production setups set disable_functions to include var_dump (and exec, shell_exec, phpinfo, etc) for security purposes. This means that var_dump() may not be always be callable. This becomes relevant here:

symfony/src/Symfony/Component/HttpClient/HttpClientTrait.php

Lines 123 to 126 in 2633877

// Validate on_progress
if (!\is_callable($onProgress = $options['on_progress'] ?? 'var_dump')) {
throw new InvalidArgumentException(sprintf('Option "on_progress" must be callable, "%s" given.', get_debug_type($onProgress)));
}

The most common case is that on_progress is not set, so is_callable('var_dump') is the most common pattern.

This is a problem from PHP 8.0+ because the behaviour changed for is_callable('var_dump') when the function is disabled.

How to reproduce

$ # PHP 7.4
$ php -d'disable_functions=var_dump' -r 'var_export(is_callable("var_dump"));'
true

$ # PHP 8.0
$ php -d'disable_functions=var_dump' -r 'var_export(is_callable("var_dump"));'
false

Possible Solution

Perhaps switch var_dump to something innocuous like is_int?

Additional Context

No response
@guilliamxavier
Copy link
Contributor

If 'var_dump' is only used as a "dummy" for is_callable(), why not do the boring but straightforward

-        if (!\is_callable($onProgress = $options['on_progress'] ?? 'var_dump')) {
+        if (null !== ($onProgress = $options['on_progress'] ?? null) && !\is_callable($onProgress)) {

?

@nicolas-grekas nicolas-grekas mentioned this issue Jul 27, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug HttpClient Status: Needs Review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mentalstring @guilliamxavier @carsonbot