colder Mon Dec 22 13:50:43 2008 UTC
Modified files:
/ZendEngine2 zend_closures.c zend_interfaces.c zend_interfaces.h
/php-src/ext/spl spl_directory.c
Log:
Fix #46646 (Implement zend functions to restrict serialization of internal
classes)
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_closures.c?r1=1.15&r2=1.16&diff_format=u
Index: ZendEngine2/zend_closures.c
diff -u ZendEngine2/zend_closures.c:1.15 ZendEngine2/zend_closures.c:1.16
--- ZendEngine2/zend_closures.c:1.15 Thu Nov 27 19:02:44 2008
+++ ZendEngine2/zend_closures.c Mon Dec 22 13:50:43 2008
@@ -17,11 +17,12 @@
+----------------------------------------------------------------------+
*/
-/* $Id: zend_closures.c,v 1.15 2008/11/27 19:02:44 dmitry Exp $ */
+/* $Id: zend_closures.c,v 1.16 2008/12/22 13:50:43 colder Exp $ */
#include "zend.h"
#include "zend_API.h"
#include "zend_closures.h"
+#include "zend_interfaces.h"
#include "zend_objects.h"
#include "zend_objects_API.h"
#include "zend_globals.h"
@@ -78,20 +79,6 @@
}
/* }}} */
-static int zend_closure_serialize(zval *object, int *type, zstr *buffer,
zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC) /* {{{ */
-{
- zend_error(E_RECOVERABLE_ERROR, "Serialization of 'Closure' is not
allowed");
- return FAILURE;
-}
-/* }}} */
-
-static int zend_closure_unserialize(zval **object, zend_class_entry *ce, int
type, const zstr buf, zend_uint buf_len, zend_unserialize_data *data TSRMLS_DC)
/* {{{ */
-{
- zend_error(E_RECOVERABLE_ERROR, "Unserialization of 'Closure' is not
allowed");
- return FAILURE;
-}
-/* }}} */
-
static int zend_closure_compare_objects(zval *o1, zval *o2 TSRMLS_DC) /* {{{ */
{
return (Z_OBJ_HANDLE_P(o1) != Z_OBJ_HANDLE_P(o2));
@@ -247,8 +234,8 @@
zend_ce_closure = zend_register_internal_class(&ce TSRMLS_CC);
zend_ce_closure->ce_flags |= ZEND_ACC_FINAL_CLASS;
zend_ce_closure->create_object = zend_closure_new;
- zend_ce_closure->serialize = zend_closure_serialize;
- zend_ce_closure->unserialize = zend_closure_unserialize;
+ zend_ce_closure->serialize = zend_class_serialize_deny;
+ zend_ce_closure->unserialize = zend_class_unserialize_deny;
memcpy(&closure_handlers, zend_get_std_object_handlers(),
sizeof(zend_object_handlers));
closure_handlers.get_constructor = zend_closure_get_constructor;
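Review bot: Pointing the Closure handlers at `zend_class_serialize_deny` / `zend_class_unserialize_deny` changes how the refusal is reported. The removed functions raised `E_RECOVERABLE_ERROR`, while the shared ones call `zend_throw_exception_ex`. Callers and tests that matched the old error will now see an exception, and no test update is visible in this commit. A regression test that serializes and unserializes a Closure and expects the exception would be worth adding. The enclosing registration function starts and ends outside the hunk.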
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_interfaces.c?r1=1.74&r2=1.75&diff_format=u
Index: ZendEngine2/zend_interfaces.c
diff -u ZendEngine2/zend_interfaces.c:1.74 ZendEngine2/zend_interfaces.c:1.75
--- ZendEngine2/zend_interfaces.c:1.74 Thu Nov 27 19:02:44 2008
+++ ZendEngine2/zend_interfaces.c Mon Dec 22 13:50:43 2008
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: zend_interfaces.c,v 1.74 2008/11/27 19:02:44 dmitry Exp $ */
+/* $Id: zend_interfaces.c,v 1.75 2008/12/22 13:50:43 colder Exp $ */
#include "zend.h"
#include "zend_API.h"
@@ -471,6 +471,19 @@
}
/* }}} */
+ZEND_API int zend_class_serialize_deny(zval *object, int *type, zstr *buffer,
zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC) /* {{{ */
+{
+ zend_class_entry *ce = Z_OBJCE_P(object);
+ zend_throw_exception_ex(NULL, 0 TSRMLS_CC, "Serialization of '%s' is
not allowed", ce->name);
+ return FAILURE;
+} /* }}} */
+
+ZEND_API int zend_class_unserialize_deny(zval **object, zend_class_entry *ce,
int type, const zstr buf, zend_uint buf_len, zend_unserialize_data *data
TSRMLS_DC) /* {{{ */
+{
+ zend_throw_exception_ex(NULL, 0 TSRMLS_CC, "Unserialization of '%s' is
not allowed", ce->name);
+ return FAILURE;
+} /* }}} */
+
/* {{{ zend_implement_serializable */
static int zend_implement_serializable(zend_class_entry *interface,
zend_class_entry *class_type TSRMLS_DC)
{
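Review bot: The two new exported handlers, `zend_class_serialize_deny` and `zend_class_unserialize_deny`, have no comment saying that they are meant to be assigned to an internal class's `serialize` / `unserialize` slots, or that they throw (class argument `NULL`) and return `FAILURE`. A header comment such as `/* Handler for internal classes that must never be (un)serialized: throws and returns FAILURE */` above each would make the contract clear to extension authors. Both also format `ce->name` with `%s`; since the serialize buffer in these signatures is a `zstr`, please confirm that `ce->name` is a plain `char *` in this branch. It is also worth checking in `zend_implement_serializable`, whose body continues past the end of this hunk, that a user sub-class cannot replace the deny handlers by implementing Serializable.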
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_interfaces.h?r1=1.24&r2=1.25&diff_format=u
Index: ZendEngine2/zend_interfaces.h
diff -u ZendEngine2/zend_interfaces.h:1.24 ZendEngine2/zend_interfaces.h:1.25
--- ZendEngine2/zend_interfaces.h:1.24 Sun Aug 24 17:01:22 2008
+++ ZendEngine2/zend_interfaces.h Mon Dec 22 13:50:43 2008
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: zend_interfaces.h,v 1.24 2008/08/24 17:01:22 colder Exp $ */
+/* $Id: zend_interfaces.h,v 1.25 2008/12/22 13:50:43 colder Exp $ */
#ifndef ZEND_INTERFACES_H
#define ZEND_INTERFACES_H
@@ -69,6 +69,9 @@
ZEND_API int zend_user_serialize(zval *object, int *type, zstr *buffer,
zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC);
ZEND_API int zend_user_unserialize(zval **object, zend_class_entry *ce, int
type, const zstr buf, zend_uint buf_len, zend_unserialize_data *data TSRMLS_DC);
+ZEND_API int zend_class_serialize_deny(zval *object, int *type, zstr *buffer,
zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC);
+ZEND_API int zend_class_unserialize_deny(zval **object, zend_class_entry *ce,
int type, const zstr buf, zend_uint buf_len, zend_unserialize_data *data
TSRMLS_DC);
+
END_EXTERN_C()
#endif /* ZEND_INTERFACES_H */
http://cvs.php.net/viewvc.cgi/php-src/ext/spl/spl_directory.c?r1=1.175&r2=1.176&diff_format=u
Index: php-src/ext/spl/spl_directory.c
diff -u php-src/ext/spl/spl_directory.c:1.175
php-src/ext/spl/spl_directory.c:1.176
--- php-src/ext/spl/spl_directory.c:1.175 Thu Nov 27 19:02:45 2008
+++ php-src/ext/spl/spl_directory.c Mon Dec 22 13:50:43 2008
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: spl_directory.c,v 1.175 2008/11/27 19:02:45 dmitry Exp $ */
+/* $Id: spl_directory.c,v 1.176 2008/12/22 13:50:43 colder Exp $ */
#ifdef HAVE_CONFIG_H
# include "config.h"
@@ -2753,6 +2753,8 @@
spl_filesystem_object_handlers.clone_obj =
spl_filesystem_object_clone;
spl_filesystem_object_handlers.cast_object =
spl_filesystem_object_cast;
spl_filesystem_object_handlers.get_debug_info =
spl_filesystem_object_get_debug_info;
+ spl_ce_SplFileInfo->serialize = zend_class_serialize_deny;
+ spl_ce_SplFileInfo->unserialize = zend_class_unserialize_deny;
REGISTER_SPL_SUB_CLASS_EX(DirectoryIterator, SplFileInfo,
spl_filesystem_object_new, spl_DirectoryIterator_functions);
zend_class_implements(spl_ce_DirectoryIterator TSRMLS_CC, 1,
zend_ce_iterator);
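Review bot: The deny handlers are set on `spl_ce_SplFileInfo` only, so DirectoryIterator and the classes registered after it are covered only if sub-classes inherit the parent's `serialize` / `unserialize` handlers at registration. That inheritance is not visible here and should be confirmed. A one-line comment above the two assignments, e.g. `/* must precede sub-class registration so the deny handlers are inherited */`, would keep a later reordering from silently dropping the restriction. The enclosing init function starts and ends outside the hunk.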