1.2.131. Check On __Call Usage¶
When using the magic methods __call() and __staticcall(), make sure the method exists before calling it.
If the method doesn’t exists, then the same method will be called again, leading to the same failure. Finally, it will crash PHP.
<?php
class safeCall {
function __class($name, $args) {
// unsafe call, no checks
if (method_exists($this, $name)) {
$this->$name(...$args);
}
}
}
class unsafeCall {
function __class($name, $args) {
// unsafe call, no checks
$this->$name(...$args);
}
}
?>
See also Method overloading and Magical PHP: __call.
1.2.131.1. Connex PHP features¶
1.2.131.1.1. Suggestions¶
Add a call to method_exists() before using any method name
Relay the call to another object that doesn’t handle __call() or __callStatic()
1.2.131.1.2. Specs¶
Short name |
Classes/CheckOnCallUsage |
Rulesets |
|
Exakat since |
1.7.2 |
PHP Version |
All |
Severity |
Minor |
Time To Fix |
Quick (30 mins) |
Precision |
Very high |
Available in |