reactphp / promise

Promises/A implementation for PHP.
https://reactphp.org/promise/
MIT License

Detecting thenable causes unwanted side effects #160

Closed s-bronstein closed 4 years ago

s-bronstein commented 4 years ago

In CancellationQueue this condition:

        if (!\method_exists($cancellable, 'then') || !\method_exists($cancellable, 'cancel')) {
            return;
        }

Somehow, it does not only work if $thenable is an object. If it is a string, and the contents of the string can be resolved to a class in the global namespace, and the class has these methods, it can lead to unwanted behavior.

I highly doubt it was intended to work like that; I think the intention was only to check if an object instance $cancellable has these methods.

I suggest adding a check to ensure $cancellable is not a primitive before checking method_exists, like this:

        if (!is_object($cancellable) || !\method_exists($cancellable, 'then') || !\method_exists($cancellable, 'cancel')) {
            return;
        }
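
The behaviour reported above, as an added example that is not part of the original issue or of the reactphp/promise code base: `method_exists()` accepts a class name as well as an object, and it consults registered autoloaders for names it does not know. `DemoJob`, `NoSuchClassForDemo`, the two `looksCancellable*` functions and `$lookups` are hypothetical names constructed for this sketch.

```php
<?php
// Added example; every name defined here is hypothetical.

// Constructed class in the global namespace that happens to expose both methods.
class DemoJob
{
    public function then() {}
    public function cancel() {}
}

// Record every class name PHP hands to the autoloader during the checks.
$lookups = [];
spl_autoload_register(function (string $class) use (&$lookups): void {
    $lookups[] = $class;
});

// The condition quoted in the issue, inverted so it returns a boolean.
function looksCancellableOriginal($cancellable): bool
{
    return \method_exists($cancellable, 'then')
        && \method_exists($cancellable, 'cancel');
}

// The same condition with the is_object() guard suggested in the issue.
function looksCancellableGuarded($cancellable): bool
{
    return \is_object($cancellable) && looksCancellableOriginal($cancellable);
}

// Constructed sample inputs: a real instance and two plain strings.
$samples = [
    'object instance'       => new DemoJob(),
    'string naming a class' => 'DemoJob',
    'string, unknown class' => 'NoSuchClassForDemo',
];

foreach ($samples as $label => $value) {
    printf(
        "%-22s original=%s guarded=%s\n",
        $label,
        var_export(looksCancellableOriginal($value), true),
        var_export(looksCancellableGuarded($value), true)
    );
}

// Names that method_exists() passed to the autoloader while checking strings.
printf("autoload attempts: %s\n", implode(', ', array_unique($lookups)));
```

The string `'DemoJob'` passes the original condition although it is not an object, and the unknown string reaches the autoloader; with the guard, both strings are rejected before `method_exists()` runs.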