1.2.832. No Return Or Throw In Finally¶
Avoid using return and throw in a finally block. Both command will interrupt the processing of the try catch block, and any exception that was emitted will not be processed. This leads to unprocessed exceptions, leaving the application in an unstable state.
Note that PHP prevents the usage of goto, break and continue within the finally block at linting phase. This is categorized as a Security problem.
<?php
function foo() {
try {
// Exception is thrown here
throw new \Exception();
} catch (Exception $e) {
// This is executed AFTER finally
return 'Exception';
} finally {
// This is executed BEFORE catch
return 'Finally';
}
}
}
// Displays 'Finally'. No exception
echo foo();
function bar() {
try {
// Exception is thrown here
throw new \Exception();
} catch (Exception $e) {
// Process the exception.
return 'Exception';
} finally {
// clean the current situation
// Keep running the current function
}
return 'Finally';
}
}
// Displays 'Exception', with processed Exception
echo bar();
?>
See also Return Inside Finally Block.
1.2.832.1. Suggestions¶
Move the return right after the try/catch/finally call
1.2.832.2. Specs¶
Short name |
Structures/NoReturnInFinally |
Rulesets |
|
Exakat since |
0.12.1 |
PHP Version |
All |
Severity |
Major |
Time To Fix |
Quick (30 mins) |
Precision |
Very high |
Features |
finally, return |
Available in |