PHP Classes

problems with variable variables

Recommend this page to a friend!

      PHP Application Packer  >  PHP Application Packer package blog  >  How to Protect PHP So...  >  All threads  >  problems with variable variables  >  (Un) Subscribe thread alerts  
Subject:problems with variable variables
Summary:problems with variable variables
Messages:3
Author:Csongor Halmai
Date:2016-03-03 01:45:40
 

  1. problems with variable variables   Reply   Report abuse  
Picture of Csongor Halmai Csongor Halmai - 2016-03-03 01:45:40
I think I could use such a tool if it works really reliably. If the project contains hundreds of php files, or even more then there is no chance to check and test the result. That's the reason why it has to be reliable.

If I don't remember whether I had used variable variables in the code then the obfuscator might make to code wrong and my site won't work. This is unfortunately a deal breaker for me. It would be nice if the obfuscator could indicate that the name of a varible changed when this variable is used as a function name, variable name, class name, etc.

Example:

Source:
<?php
function sum($a,$b){
return $a+round($b);
}
$f = "sum";
echo $f(3.4, 5.6);
?>

Execution:
9

After obfuscation:
<?php function _1($_2,$_3){return $_2+$_3;}$_4="sum";echo $_4(3,6); ?>

Execution:
PHP Fatal error: Uncaught Error: Call to undefined function sum() in /home/halmaic/private/packApp/packed.php:1

  2. Re: problems with variable variables   Reply   Report abuse  
Picture of Vallo Reima Vallo Reima - 2016-03-03 07:25:30 - In reply to message 1 from Csongor Halmai
Some suggestions at first:
- It's important to follow the identifiers naming rules described in the readme.
- Use the dbg=true option (don't minify) to fix the renaming issues in large projects.
- The variable variables should be used only if clearly needed.

The variable variables names (or their prefix, even better) must be specified in the identifier exclusion list ('__' prefixed identifiers are not obfuscated by default). So, in your example:
1) either specify name/prefix, like:
$obj = new PackApp(3, ['exi' => ['sum']]); // instantiate
2) or use '__'
<?php
function __sum($a,$b){
return $a+round($b);
}
$f = "__sum";
echo $f(3.4, 5.6);

  3. Re: problems with variable variables   Reply   Report abuse  
Picture of Po Cak Po Cak - 2016-03-03 11:17:19 - In reply to message 2 from Vallo Reima
Thanks for your reply.

If someone starts a project with keeping these things in mind then it is good. But in my case the project is more than a decade old.

This means that it is impossible to rewrite or check the whole code base. In this case it would be nice if the obfuscator would tell that it had found a dangerous variable reference.

Do you think it is possible to do it?