helly Mon Feb 14 15:58:25 2005 EDT Modified files: /php-src/ext/standard var_unserializer.re Log: - Disallow illegal class names http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.40&r2=1.41&ty=u
Index: php-src/ext/standard/var_unserializer.re
diff -u php-src/ext/standard/var_unserializer.re:1.40 php-src/ext/standard/var_unserializer.re:1.41
--- php-src/ext/standard/var_unserializer.re:1.40 Sun Jan 30 11:38:53 2005
+++ php-src/ext/standard/var_unserializer.re Mon Feb 14 15:58:22 2005
@@ -16,7 +16,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: var_unserializer.re,v 1.40 2005/01/30 16:38:53 iliaa Exp $ */
+/* $Id: var_unserializer.re,v 1.41 2005/02/14 20:58:22 helly Exp $ */
 #include "php.h"
 #include "ext/standard/php_var.h"
@@ -473,7 +473,7 @@
 }
 "O:" uiv ":" ["] {
- size_t len, len2, maxlen;
+ size_t len, len2, len3, maxlen;
 int elements;
 char *class_name;
 zend_class_entry *ce;
@@ -506,6 +506,13 @@
 return 0;
 }
+ len3 = strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
+ if (len3 != len)
+ {
+ *p = YYCURSOR + len3 - len;
+ return 0;
+ }
+
 class_name = estrndup(class_name, len);
 do {
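Review bot: `len3` joins the `size_t len, len2, len3, maxlen;` declaration with nothing saying what it will hold, and it is first assigned only in the following hunk (the `strspn` run over the identifier character set). A short comment on the declaration would make that later check readable on its own: `size_t len, len2, len3, maxlen; /* len3: leading run of identifier chars in class_name */`. The `"O:"` rule body this line belongs to opens in this hunk's context and continues well past it.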