jani                                     Sat, 01 Aug 2009 00:48:04 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=286605

Log:
- Fixed bug #49074 (private class static fields can be modified by using 
reflection)

Bug: http://bugs.php.net/49074 (Verified) private class static fields can be 
modified by using reflection
      
Changed paths:
    U   php/php-src/branches/PHP_5_2/NEWS
    U   php/php-src/branches/PHP_5_2/ext/reflection/php_reflection.c
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c
    U   php/php-src/trunk/ext/reflection/php_reflection.c

Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS   2009-07-31 23:46:19 UTC (rev 286604)
+++ php/php-src/branches/PHP_5_2/NEWS   2009-08-01 00:48:04 UTC (rev 286605)
@@ -5,6 +5,8 @@
   defined as a file handle. (Ilia)
 - Fixed memory leak in stream_is_local(). (Felipe)

+- Fixed bug #49074 (private class static fields can be modified by using
+  reflection). (Jani)
 - Fixed bug #49052 (context option headers freed too early when using
   --with-curlwrappers). (Jani)
 - Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference).

Modified: php/php-src/branches/PHP_5_2/ext/reflection/php_reflection.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/reflection/php_reflection.c        
2009-07-31 23:46:19 UTC (rev 286604)
+++ php/php-src/branches/PHP_5_2/ext/reflection/php_reflection.c        
2009-08-01 00:48:04 UTC (rev 286605)
@@ -2725,12 +2725,17 @@

                if (zend_hash_get_current_key_ex(CE_STATIC_MEMBERS(ce), &key, 
&key_len, &num_index, 0, &pos) != FAILURE && key) {
                        char *prop_name, *class_name;
+                       zval *prop_copy;

                        zend_unmangle_property_name(key, key_len-1, 
&class_name, &prop_name);

-                       zval_add_ref(value);
+                       /* copy: enforce read only access */
+                       ALLOC_ZVAL(prop_copy);
+                       *prop_copy = **value;
+                       zval_copy_ctor(prop_copy);
+                       INIT_PZVAL(prop_copy);

-                       zend_hash_update(Z_ARRVAL_P(return_value), prop_name, 
strlen(prop_name)+1, value, sizeof(zval *), NULL);
+                       add_assoc_zval(return_value, prop_name, prop_copy);
                }
                zend_hash_move_forward_ex(CE_STATIC_MEMBERS(ce), &pos);
        }
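Review bot: The comment `/* copy: enforce read only access */` above `ALLOC_ZVAL(prop_copy)` promises more than the copy delivers and does not say what is being protected. `zval_copy_ctor()` separates scalars, strings and the top-level array, but an object stored in a static property is, as far as I can tell, still copied as a handle to the same instance, so its state remains reachable through the returned array. I would word it as `/* Return a separated copy so writes through the result array cannot reach the class's static table (bug #49074); object handles are still shared. */`. The same comment appears in the PHP_5_3 and trunk hunks, and the enclosing function starts above this hunk.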

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2009-07-31 23:46:19 UTC (rev 286604)
+++ php/php-src/branches/PHP_5_3/NEWS   2009-08-01 00:48:04 UTC (rev 286605)
@@ -1,4 +1,4 @@
-´╗┐PHP                                                                        
NEWS
+PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2009, PHP 5.3.1
 - Fixed spl_autoload_unregister/spl_autoload_functions wrt. Closures and
@@ -8,7 +8,8 @@
 - Fixed signature generation/validation for zip archives in ext/phar. (Greg)
 - Fixed memory leak in stream_is_local(). (Felipe)

-- Fixed bug #48880 (Random Appearing open_basedir problem). (Rasmus+Gwynne)
+- Fixed bug #49074 (private class static fields can be modified by using
+  reflection). (Jani)
 - Fixed bug #49108 (2nd scan_dir produces seg fault). (Felipe)
 - Fixed bug #49065 ("disable_functions" php.ini option does not work on
   Zend extensions). (Stas)
@@ -46,6 +47,7 @@
 - Fixed bug #48854 (array_merge_recursive modifies arrays after first one).
   (Felipe)
 - Fixed bug #48802 (printf() returns incorrect outputted length). (Jani)
+- Fixed bug #48880 (Random Appearing open_basedir problem). (Rasmus, Gwynne)
 - Fixed bug #48791 (open office files always reported as corrupted). (Greg)
 - Fixed bug #48788 (RecursiveDirectoryIterator doesn't descend into symlinked
   directories). (Ilia)

Modified: php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c        
2009-07-31 23:46:19 UTC (rev 286604)
+++ php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c        
2009-08-01 00:48:04 UTC (rev 286605)
@@ -3030,6 +3030,7 @@
        if (zend_parse_parameters_none() == FAILURE) {
                return;
        }
+
        GET_REFLECTION_OBJECT_PTR(ce);

        zend_update_class_constants(ce TSRMLS_CC);
@@ -3045,12 +3046,17 @@

                if (zend_hash_get_current_key_ex(CE_STATIC_MEMBERS(ce), &key, 
&key_len, &num_index, 0, &pos) != FAILURE && key) {
                        char *prop_name, *class_name;
+                       zval *prop_copy;

                        zend_unmangle_property_name(key, key_len-1, 
&class_name, &prop_name);

-                       zval_add_ref(value);
+                       /* copy: enforce read only access */
+                       ALLOC_ZVAL(prop_copy);
+                       *prop_copy = **value;
+                       zval_copy_ctor(prop_copy);
+                       INIT_PZVAL(prop_copy);

-                       zend_hash_update(Z_ARRVAL_P(return_value), prop_name, 
strlen(prop_name)+1, value, sizeof(zval *), NULL);
+                       add_assoc_zval(return_value, prop_name, prop_copy);
                }
                zend_hash_move_forward_ex(CE_STATIC_MEMBERS(ce), &pos);
        }
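Review bot: No regression test accompanies the `prop_copy` change. The changed paths list only NEWS and php_reflection.c, so nothing pins the behaviour that bug #49074 reported. A small .phpt that modifies the array returned by this method and asserts the private static value is unchanged would stop a later refactor from silently going back to sharing the original zval. This applies equally to the PHP_5_2 and trunk copies of the fix. The enclosing method begins before this hunk and continues past it.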

Modified: php/php-src/trunk/ext/reflection/php_reflection.c
===================================================================
--- php/php-src/trunk/ext/reflection/php_reflection.c   2009-07-31 23:46:19 UTC 
(rev 286604)
+++ php/php-src/trunk/ext/reflection/php_reflection.c   2009-08-01 00:48:04 UTC 
(rev 286605)
@@ -3181,6 +3181,7 @@
        if (zend_parse_parameters_none() == FAILURE) {
                return;
        }
+
        GET_REFLECTION_OBJECT_PTR(ce);

        zend_update_class_constants(ce TSRMLS_CC);
@@ -3196,13 +3197,18 @@
                if (zend_hash_get_current_key_ex(CE_STATIC_MEMBERS(ce), &key, 
&key_len, &num_index, 0, &pos) != FAILURE) {
                        zstr prop_name, class_name;
                        int prop_name_len;
+                       zval *prop_copy;

                        zend_u_unmangle_property_name(IS_UNICODE, key, 
key_len-1, &class_name, &prop_name);
                        prop_name_len = u_strlen(prop_name.u);

-                       zval_add_ref(value);
+                       /* copy: enforce read only access */
+                       ALLOC_ZVAL(prop_copy);
+                       *prop_copy = **value;
+                       zval_copy_ctor(prop_copy);
+                       INIT_PZVAL(prop_copy);

-                       zend_u_hash_update(Z_ARRVAL_P(return_value), 
IS_UNICODE, prop_name, prop_name_len+1, value, sizeof(zval *), NULL);
+                       add_u_assoc_zval(return_value, IS_UNICODE, prop_name, 
prop_copy);
                }
                zend_hash_move_forward_ex(CE_STATIC_MEMBERS(ce), &pos);
        }
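Review bot: After the switch to `add_u_assoc_zval()`, `prop_name_len` is assigned but never read, because its only consumer was the removed `zend_u_hash_update()` call. The declaration `int prop_name_len;` and the line `prop_name_len = u_strlen(prop_name.u);` can both be dropped, which saves a string scan per property and avoids a set-but-unused warning. The `if` block is fully visible in the hunk, though the enclosing function starts above it.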
