jani Sat, 01 Aug 2009 00:48:04 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=286605
Log: - Fixed bug #49074 (private class static fields can be modified by using reflection) Bug: http://bugs.php.net/49074 (Verified) private class static fields can be modified by using reflection Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/reflection/php_reflection.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c U php/php-src/trunk/ext/reflection/php_reflection.c Modified: php/php-src/branches/PHP_5_2/NEWS =================================================================== --- php/php-src/branches/PHP_5_2/NEWS 2009-07-31 23:46:19 UTC (rev 286604) +++ php/php-src/branches/PHP_5_2/NEWS 2009-08-01 00:48:04 UTC (rev 286605) @@ -5,6 +5,8 @@ defined as a file handle. (Ilia) - Fixed memory leak in stream_is_local(). (Felipe) +- Fixed bug #49074 (private class static fields can be modified by using + reflection). (Jani) - Fixed bug #49052 (context option headers freed too early when using --with-curlwrappers). (Jani) - Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference). Modified: php/php-src/branches/PHP_5_2/ext/reflection/php_reflection.c =================================================================== --- php/php-src/branches/PHP_5_2/ext/reflection/php_reflection.c 2009-07-31 23:46:19 UTC (rev 286604) +++ php/php-src/branches/PHP_5_2/ext/reflection/php_reflection.c 2009-08-01 00:48:04 UTC (rev 286605) @@ -2725,12 +2725,17 @@ if (zend_hash_get_current_key_ex(CE_STATIC_MEMBERS(ce), &key, &key_len, &num_index, 0, &pos) != FAILURE && key) { char *prop_name, *class_name; + zval *prop_copy; zend_unmangle_property_name(key, key_len-1, &class_name, &prop_name); - zval_add_ref(value); + /* copy: enforce read only access */ + ALLOC_ZVAL(prop_copy); + *prop_copy = **value; + zval_copy_ctor(prop_copy); + INIT_PZVAL(prop_copy); - zend_hash_update(Z_ARRVAL_P(return_value), prop_name, strlen(prop_name)+1, value, sizeof(zval *), NULL); + add_assoc_zval(return_value, prop_name, prop_copy); } zend_hash_move_forward_ex(CE_STATIC_MEMBERS(ce), &pos); } Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2009-07-31 23:46:19 UTC (rev 286604) +++ php/php-src/branches/PHP_5_3/NEWS 2009-08-01 00:48:04 UTC (rev 286605) @@ -1,4 +1,4 @@ -PHP NEWS +PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2009, PHP 5.3.1 - Fixed spl_autoload_unregister/spl_autoload_functions wrt. Closures and @@ -8,7 +8,8 @@ - Fixed signature generation/validation for zip archives in ext/phar. (Greg) - Fixed memory leak in stream_is_local(). (Felipe) -- Fixed bug #48880 (Random Appearing open_basedir problem). (Rasmus+Gwynne) +- Fixed bug #49074 (private class static fields can be modified by using + reflection). (Jani) - Fixed bug #49108 (2nd scan_dir produces seg fault). (Felipe) - Fixed bug #49065 ("disable_functions" php.ini option does not work on Zend extensions). (Stas) @@ -46,6 +47,7 @@ - Fixed bug #48854 (array_merge_recursive modifies arrays after first one). (Felipe) - Fixed bug #48802 (printf() returns incorrect outputted length). (Jani) +- Fixed bug #48880 (Random Appearing open_basedir problem). (Rasmus, Gwynne) - Fixed bug #48791 (open office files always reported as corrupted). (Greg) - Fixed bug #48788 (RecursiveDirectoryIterator doesn't descend into symlinked directories). (Ilia) Modified: php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c 2009-07-31 23:46:19 UTC (rev 286604) +++ php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c 2009-08-01 00:48:04 UTC (rev 286605) @@ -3030,6 +3030,7 @@ if (zend_parse_parameters_none() == FAILURE) { return; } + GET_REFLECTION_OBJECT_PTR(ce); zend_update_class_constants(ce TSRMLS_CC); @@ -3045,12 +3046,17 @@ if (zend_hash_get_current_key_ex(CE_STATIC_MEMBERS(ce), &key, &key_len, &num_index, 0, &pos) != FAILURE && key) { char *prop_name, *class_name; + zval *prop_copy; zend_unmangle_property_name(key, key_len-1, &class_name, &prop_name); - zval_add_ref(value); + /* copy: enforce read only access */ + ALLOC_ZVAL(prop_copy); + *prop_copy = **value; + zval_copy_ctor(prop_copy); + INIT_PZVAL(prop_copy); - zend_hash_update(Z_ARRVAL_P(return_value), prop_name, strlen(prop_name)+1, value, sizeof(zval *), NULL); + add_assoc_zval(return_value, prop_name, prop_copy); } zend_hash_move_forward_ex(CE_STATIC_MEMBERS(ce), &pos); } Modified: php/php-src/trunk/ext/reflection/php_reflection.c =================================================================== --- php/php-src/trunk/ext/reflection/php_reflection.c 2009-07-31 23:46:19 UTC (rev 286604) +++ php/php-src/trunk/ext/reflection/php_reflection.c 2009-08-01 00:48:04 UTC (rev 286605) @@ -3181,6 +3181,7 @@ if (zend_parse_parameters_none() == FAILURE) { return; } + GET_REFLECTION_OBJECT_PTR(ce); zend_update_class_constants(ce TSRMLS_CC); @@ -3196,13 +3197,18 @@ if (zend_hash_get_current_key_ex(CE_STATIC_MEMBERS(ce), &key, &key_len, &num_index, 0, &pos) != FAILURE) { zstr prop_name, class_name; int prop_name_len; + zval *prop_copy; zend_u_unmangle_property_name(IS_UNICODE, key, key_len-1, &class_name, &prop_name); prop_name_len = u_strlen(prop_name.u); - zval_add_ref(value); + /* copy: enforce read only access */ + ALLOC_ZVAL(prop_copy); + *prop_copy = **value; + zval_copy_ctor(prop_copy); + INIT_PZVAL(prop_copy); - zend_u_hash_update(Z_ARRVAL_P(return_value), IS_UNICODE, prop_name, prop_name_len+1, value, sizeof(zval *), NULL); + add_u_assoc_zval(return_value, IS_UNICODE, prop_name, prop_copy); } zend_hash_move_forward_ex(CE_STATIC_MEMBERS(ce), &pos); }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
