1.2.139. Class Overreach

An object of class A may reach any private or protected properties, constants or methods in another object of the same class. This is a PHP feature, though seldom known.

This feature is also called class invasion.

<?php

class A {
    private $p = 1;

    public function foo(A $a) {
        return $a->p + 1;
    }
}

echo (new A)->foo(new A);

?>

See also Visibility from other objects and spatie/invade.

1.2.139.1. Suggestions

  • Use a getter to reach inside the other object private properties

1.2.139.2. Specs

Short name

Classes/ClassOverreach

Rulesets

All, Appinfo

Exakat since

2.2.2

PHP Version

All

Severity

Minor

Time To Fix

Slow (1 hour)

Precision

Medium

Features

visibility, class-invasion

Available in

Entreprise Edition, Exakat Cloud