1.2.1000. Property Invasion

Property invasion exports a reference from an object, for external and direct modifications.

With a method that returns a reference, a link is created between an external variable and the private property. That way, it is possible to modify the object, without calling a property, or a method.

<?php

class x {
     private $p = 1;

     function &get() {
             return $this->p;
     }
}

$x = new x;
$y = &$x->get();
$y = 2;

print $x->get(); // 2

?>

1.2.1000.1. Suggestions

• Invading private properties and methods in PHP

1.2.1000.2. Specs

Short name	Classes/PropertyInvasion
Rulesets	All, Class Review
Exakat since	2.5.1
Severity	Minor
Time To Fix	Quick (30 mins)
Precision	Medium
Features	object-invasion
Available in	Entreprise Edition, Exakat Cloud