Skip to content

Fix phpstan/phpstan#14241: Cannot re-assign auto-global variable in parameters #5153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ondrejmirtes merged 3 commits into from
Mar 23, 2026
Merged

Fix phpstan/phpstan#14241: Cannot re-assign auto-global variable in parameters #5153

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
38a8d6f
Fix phpstan/phpstan#14241: Report error for auto-global variable in p…
phpstan-bot Mar 8, 2026
4f0c9d4
Rework
staabm Mar 9, 2026
6eb1bb1
Address review: hook onto Param node, improve error messages
phpstan-bot Mar 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,7 @@ lint:
--exclude tests/PHPStan/Rules/Classes/data/bug-14250-promoted-properties.php \
--exclude tests/PHPStan/Rules/Operators/data/bug-3585.php \
--exclude tests/PHPStan/Rules/EnumCases/data/bug-14252.php \
--exclude tests/PHPStan/Rules/Functions/data/bug-14241.php \
src tests

install-paratest:
Expand Down
59 changes: 59 additions & 0 deletions src/Rules/Functions/InvalidParameterNameRule.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
<?php declare(strict_types = 1);

namespace PHPStan\Rules\Functions;

use PhpParser\Node;
use PHPStan\Analyser\Scope;
use PHPStan\DependencyInjection\RegisteredRule;
use PHPStan\Rules\Rule;
use PHPStan\Rules\RuleErrorBuilder;
use function in_array;
use function is_string;
use function sprintf;

/**
* @implements Rule<Node\Param>
*/
#[RegisteredRule(level: 0)]
final class InvalidParameterNameRule implements Rule
{

public function getNodeType(): string
{
return Node\Param::class;
}

public function processNode(Node $node, Scope $scope): array
{
if (!$node->var instanceof Node\Expr\Variable) {
return [];
}

if (!is_string($node->var->name)) {
return [];
}

$variableName = $node->var->name;

if (in_array($variableName, Scope::SUPERGLOBAL_VARIABLES, true)) {
return [
RuleErrorBuilder::message(sprintf('Superglobal variable $%s cannot be used as a parameter.', $variableName))
->identifier('parameter.superglobal')
->nonIgnorable()
->build(),
];
}

if ($variableName === 'this') {
return [
RuleErrorBuilder::message('Cannot use $this as parameter.')
->identifier('parameter.this')
->nonIgnorable()
->build(),
];
}

return [];
}

}
65 changes: 65 additions & 0 deletions tests/PHPStan/Rules/Functions/InvalidParameterNameRuleTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
<?php declare(strict_types = 1);

namespace PHPStan\Rules\Functions;

use PHPStan\Rules\Rule;
use PHPStan\Testing\RuleTestCase;

/**
* @extends RuleTestCase<InvalidParameterNameRule>
*/
class InvalidParameterNameRuleTest extends RuleTestCase
{

protected function getRule(): Rule
{
return new InvalidParameterNameRule();
}

public function testRule(): void
{
$this->analyse([__DIR__ . '/data/bug-14241.php'], [
[
'Superglobal variable $_FILES cannot be used as a parameter.',
5,
],
[
'Superglobal variable $_GET cannot be used as a parameter.',
7,
],
[
'Superglobal variable $_POST cannot be used as a parameter.',
7,
],
[
'Superglobal variable $_SERVER cannot be used as a parameter.',
13,
],
[
'Superglobal variable $_SESSION cannot be used as a parameter.',
15,
],
[
'Superglobal variable $_COOKIE cannot be used as a parameter.',
18,
],
[
'Superglobal variable $_REQUEST cannot be used as a parameter.',
20,
],
[
'Superglobal variable $_ENV cannot be used as a parameter.',
22,
],
[
'Superglobal variable $GLOBALS cannot be used as a parameter.',
24,
],
[
'Cannot use $this as parameter.',
26,
],
]);
}

}
26 changes: 26 additions & 0 deletions tests/PHPStan/Rules/Functions/data/bug-14241.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
<?php declare(strict_types = 1);

namespace Bug14241;
Copy link
Copy Markdown
Contributor

@staabm staabm Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should have another test for

<?php

// This should work, but *not* generate a binding for $GLOBALS
$a = 123;
$fn = fn() => $GLOBALS['a'];
var_dump($fn());

which should not produce a error.

see

Copy link
Copy Markdown
Member

@ondrejmirtes ondrejmirtes Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's no Param in that code so the rule won't trigger at all.


function doFoo($_FILES): void {}

function doBar($_GET, $_POST): void {}

function doBaz($ok): void {}

class Foo
{
public function doFoo($_SERVER): void {}

public static function doBar($_SESSION): void {}
}

$f = function ($_COOKIE): void {};

$g = fn ($_REQUEST) => $_REQUEST;

function doQux($_ENV): void {}

function doQuux($GLOBALS): void {}

function doThis($this) {}
Loading