Prevent accessing object properties using array access (#18403)

Grzegorz Rajchman · taylorotwell · commit 26475a4c1781 · 2017-03-23T09:23:16.000-05:00
diff --git a/src/Illuminate/Database/Eloquent/Model.php b/src/Illuminate/Database/Eloquent/Model.php
@@ -1254,7 +1254,7 @@ public function __set($key, $value)
      */
     public function offsetExists($offset)
     {
-        return isset($this->$offset);
+        return ! is_null($this->getAttribute($offset));
     }
 
     /**
@@ -1265,7 +1265,7 @@ public function offsetExists($offset)
      */
     public function offsetGet($offset)
     {
-        return $this->$offset;
+        return $this->getAttribute($offset);
     }
 
     /**
@@ -1277,7 +1277,7 @@ public function offsetGet($offset)
      */
     public function offsetSet($offset, $value)
     {
-        $this->$offset = $value;
+        $this->setAttribute($offset, $value);
     }
 
     /**
@@ -1288,7 +1288,7 @@ public function offsetSet($offset, $value)
      */
     public function offsetUnset($offset)
     {
-        unset($this->$offset);
+        unset($this->attributes[$offset], $this->relations[$offset]);
     }
 
     /**
@@ -1299,7 +1299,7 @@ public function offsetUnset($offset)
      */
     public function __isset($key)
     {
-        return ! is_null($this->getAttribute($key));
+        return $this->offsetExists($key);
     }
 
     /**
@@ -1310,7 +1310,7 @@ public function __isset($key)
      */
     public function __unset($key)
     {
-        unset($this->attributes[$key], $this->relations[$key]);
+        $this->offsetUnset($key);
     }
 
     /**
diff --git a/src/Illuminate/Support/Fluent.php b/src/Illuminate/Support/Fluent.php
@@ -94,7 +94,7 @@ public function toJson($options = 0)
      */
     public function offsetExists($offset)
     {
-        return isset($this->{$offset});
+        return isset($this->attributes[$offset]);
     }
 
     /**
@@ -105,7 +105,7 @@ public function offsetExists($offset)
      */
     public function offsetGet($offset)
     {
-        return $this->{$offset};
+        return $this->get($offset);
     }
 
     /**
@@ -117,7 +117,7 @@ public function offsetGet($offset)
      */
     public function offsetSet($offset, $value)
     {
-        $this->{$offset} = $value;
+        $this->attributes[$offset] = $value;
     }
 
     /**
@@ -128,7 +128,7 @@ public function offsetSet($offset, $value)
      */
     public function offsetUnset($offset)
     {
-        unset($this->{$offset});
+        unset($this->attributes[$offset]);
     }
 
     /**
@@ -165,7 +165,7 @@ public function __get($key)
      */
     public function __set($key, $value)
     {
-        $this->attributes[$key] = $value;
+        $this->offsetSet($key, $value);
     }
 
     /**
@@ -176,7 +176,7 @@ public function __set($key, $value)
      */
     public function __isset($key)
     {
-        return isset($this->attributes[$key]);
+        return $this->offsetExists($key);
     }
 
     /**
@@ -187,6 +187,6 @@ public function __isset($key)
      */
     public function __unset($key)
     {
-        unset($this->attributes[$key]);
+        $this->offsetUnset($key);
     }
 }
diff --git a/tests/Database/DatabaseEloquentModelTest.php b/tests/Database/DatabaseEloquentModelTest.php
@@ -98,6 +98,20 @@ public function testCalculatedAttributes()
         $this->assertEquals($hash, $model->password_hash);
     }
 
+    public function testArrayAccessToAttributes()
+    {
+        $model = new EloquentModelStub(['attributes' => 1, 'connection' => 2, 'table' => 3]);
+        unset($model['table']);
+
+        $this->assertTrue(isset($model['attributes']));
+        $this->assertEquals($model['attributes'], 1);
+        $this->assertTrue(isset($model['connection']));
+        $this->assertEquals($model['connection'], 2);
+        $this->assertFalse(isset($model['table']));
+        $this->assertEquals($model['table'], null);
+        $this->assertFalse(isset($model['with']));
+    }
+
     public function testNewInstanceReturnsNewInstanceWithAttributesSet()
     {
         $model = new EloquentModelStub;
diff --git a/tests/Support/SupportFluentTest.php b/tests/Support/SupportFluentTest.php
@@ -58,6 +58,18 @@ public function testGetMethodReturnsAttribute()
         $this->assertNull($fluent->foo);
     }
 
+    public function testArrayAccessToAttributes()
+    {
+        $fluent = new Fluent(['attributes' => '1']);
+
+        $this->assertTrue(isset($fluent['attributes']));
+        $this->assertEquals($fluent['attributes'], 1);
+
+        $fluent->attributes();
+
+        $this->assertTrue($fluent['attributes']);
+    }
+
     public function testMagicMethodsCanBeUsedToSetAttributes()
     {
         $fluent = new Fluent;

Original file line number	Diff line number	Diff line change
`@@ -1254,7 +1254,7 @@ public function __set($key, $value)`
`1254`	`1254`	`*/`
`1255`	`1255`	`public function offsetExists($offset)`
`1256`	`1256`	`{`
`1257`		`- return isset($this->$offset);`
	`1257`	`+ return ! is_null($this->getAttribute($offset));`
`1258`	`1258`	`}`
`1259`	`1259`
`1260`	`1260`	`/**`
`@@ -1265,7 +1265,7 @@ public function offsetExists($offset)`
`1265`	`1265`	`*/`
`1266`	`1266`	`public function offsetGet($offset)`
`1267`	`1267`	`{`
`1268`		`- return $this->$offset;`
	`1268`	`+ return $this->getAttribute($offset);`
`1269`	`1269`	`}`
`1270`	`1270`
`1271`	`1271`	`/**`
`@@ -1277,7 +1277,7 @@ public function offsetGet($offset)`
`1277`	`1277`	`*/`
`1278`	`1278`	`public function offsetSet($offset, $value)`
`1279`	`1279`	`{`
`1280`		`- $this->$offset = $value;`
	`1280`	`+ $this->setAttribute($offset, $value);`
`1281`	`1281`	`}`
`1282`	`1282`
`1283`	`1283`	`/**`
`@@ -1288,7 +1288,7 @@ public function offsetSet($offset, $value)`
`1288`	`1288`	`*/`
`1289`	`1289`	`public function offsetUnset($offset)`
`1290`	`1290`	`{`
`1291`		`- unset($this->$offset);`
	`1291`	`+ unset($this->attributes[$offset], $this->relations[$offset]);`
`1292`	`1292`	`}`
`1293`	`1293`
`1294`	`1294`	`/**`
`@@ -1299,7 +1299,7 @@ public function offsetUnset($offset)`
`1299`	`1299`	`*/`
`1300`	`1300`	`public function __isset($key)`
`1301`	`1301`	`{`
`1302`		`- return ! is_null($this->getAttribute($key));`
	`1302`	`+ return $this->offsetExists($key);`
`1303`	`1303`	`}`
`1304`	`1304`
`1305`	`1305`	`/**`
`@@ -1310,7 +1310,7 @@ public function __isset($key)`
`1310`	`1310`	`*/`
`1311`	`1311`	`public function __unset($key)`
`1312`	`1312`	`{`
`1313`		`- unset($this->attributes[$key], $this->relations[$key]);`
	`1313`	`+ $this->offsetUnset($key);`
`1314`	`1314`	`}`
`1315`	`1315`
`1316`	`1316`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -94,7 +94,7 @@ public function toJson($options = 0)`
`94`	`94`	`*/`
`95`	`95`	`public function offsetExists($offset)`
`96`	`96`	`{`
`97`		`- return isset($this->{$offset});`
	`97`	`+ return isset($this->attributes[$offset]);`
`98`	`98`	`}`
`99`	`99`
`100`	`100`	`/**`
`@@ -105,7 +105,7 @@ public function offsetExists($offset)`
`105`	`105`	`*/`
`106`	`106`	`public function offsetGet($offset)`
`107`	`107`	`{`
`108`		`- return $this->{$offset};`
	`108`	`+ return $this->get($offset);`
`109`	`109`	`}`
`110`	`110`
`111`	`111`	`/**`
`@@ -117,7 +117,7 @@ public function offsetGet($offset)`
`117`	`117`	`*/`
`118`	`118`	`public function offsetSet($offset, $value)`
`119`	`119`	`{`
`120`		`- $this->{$offset} = $value;`
	`120`	`+ $this->attributes[$offset] = $value;`
`121`	`121`	`}`
`122`	`122`
`123`	`123`	`/**`
`@@ -128,7 +128,7 @@ public function offsetSet($offset, $value)`
`128`	`128`	`*/`
`129`	`129`	`public function offsetUnset($offset)`
`130`	`130`	`{`
`131`		`- unset($this->{$offset});`
	`131`	`+ unset($this->attributes[$offset]);`
`132`	`132`	`}`
`133`	`133`
`134`	`134`	`/**`
`@@ -165,7 +165,7 @@ public function __get($key)`
`165`	`165`	`*/`
`166`	`166`	`public function __set($key, $value)`
`167`	`167`	`{`
`168`		`- $this->attributes[$key] = $value;`
	`168`	`+ $this->offsetSet($key, $value);`
`169`	`169`	`}`
`170`	`170`
`171`	`171`	`/**`
`@@ -176,7 +176,7 @@ public function __set($key, $value)`
`176`	`176`	`*/`
`177`	`177`	`public function __isset($key)`
`178`	`178`	`{`
`179`		`- return isset($this->attributes[$key]);`
	`179`	`+ return $this->offsetExists($key);`
`180`	`180`	`}`
`181`	`181`
`182`	`182`	`/**`
`@@ -187,6 +187,6 @@ public function __isset($key)`
`187`	`187`	`*/`
`188`	`188`	`public function __unset($key)`
`189`	`189`	`{`
`190`		`- unset($this->attributes[$key]);`
	`190`	`+ $this->offsetUnset($key);`
`191`	`191`	`}`
`192`	`192`	`}`