iliaa Wed, 07 Oct 2009 12:46:29 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=289279
Log: Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning). # original patch by wmeler at wp-sa dot pl Bug: http://bugs.php.net/49800 (Open) SimpleXML allow serialize() calls without warning Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/simplexml/simplexml.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/simplexml/simplexml.c U php/php-src/trunk/ext/simplexml/simplexml.c
Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS 2009-10-07 12:46:11 UTC (rev 289278)
+++ php/php-src/branches/PHP_5_2/NEWS 2009-10-07 12:46:29 UTC (rev 289279)
@@ -6,6 +6,8 @@ - Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus) +- Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning). + (Ilia, wmeler at wp-sa dot pl) - Fixed bug #49757 (long2ip() can return wrong value in a multi-threaded applications). (Ilia, Florian Anderiasch) - Fixed bug #49738 (calling mcrypt() after mcrypt_generic_deinit() crashes).
Modified: php/php-src/branches/PHP_5_2/ext/simplexml/simplexml.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/simplexml/simplexml.c 2009-10-07 12:46:11 UTC (rev 289278)
+++ php/php-src/branches/PHP_5_2/ext/simplexml/simplexml.c 2009-10-07 12:46:29 UTC (rev 289279)
@@ -2412,6 +2412,8 @@
 sxe_class_entry = zend_register_internal_class(&sxe TSRMLS_CC);
 sxe_class_entry->get_iterator = php_sxe_get_iterator;
 sxe_class_entry->iterator_funcs.funcs = &php_sxe_iterator_funcs;
+ sxe_class_entry->serialize = zend_class_serialize_deny;
+ sxe_class_entry->unserialize = zend_class_unserialize_deny;
 zend_class_implements(sxe_class_entry TSRMLS_CC, 1, zend_ce_traversable);
 sxe_object_handlers.get_method = zend_get_std_object_handlers()->get_method;
 sxe_object_handlers.get_constructor = zend_get_std_object_handlers()->get_constructor;
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2009-10-07 12:46:11 UTC (rev 289278)
+++ php/php-src/branches/PHP_5_3/NEWS 2009-10-07 12:46:29 UTC (rev 289279)
@@ -13,6 +13,8 @@ - Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus) +- Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning). + (Ilia, wmeler at wp-sa dot pl) - Fixed bug #49757 (long2ip() can return wrong value in a multi-threaded applications). (Ilia, Florian Anderiasch) - Fixed bug #49738 (calling mcrypt after mcrypt_generic_deinit crashes).
Modified: php/php-src/branches/PHP_5_3/ext/simplexml/simplexml.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/simplexml/simplexml.c 2009-10-07 12:46:11 UTC (rev 289278)
+++ php/php-src/branches/PHP_5_3/ext/simplexml/simplexml.c 2009-10-07 12:46:29 UTC (rev 289279)
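Review bot: The two assignments added in the PHP_5_2 hunk of ext/simplexml/simplexml.c (the PHP_5_3 and trunk hunks add the same pair) carry no comment saying why the class refuses serialization, and the changed-paths list contains no test. I would put `/* A SimpleXMLElement is a handle on a libxml node and cannot be rebuilt from a serialized string, so refuse (un)serialize() outright. */` above them. As far as I know the deny handlers raise an exception rather than the warning the NEWS wording suggests, so on the stable branches code that stores an element in a session or cache will start failing where it used to succeed; that is worth stating in the NEWS entry. A .phpt asserting that both serialize() and unserialize() of SimpleXMLElement fail, also for SimpleXMLIterator and a userland subclass, would pin the behaviour, since handler inheritance is not visible in this hunk. The enclosing function starts and ends outside the hunk.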
@@ -2531,8 +2531,9 @@ sxe_object_handlers.get_constructor = zend_get_std_object_handlers()->get_constructor; sxe_object_handlers.get_class_entry = zend_get_std_object_handlers()->get_class_entry; sxe_object_handlers.get_class_name = zend_get_std_object_handlers()->get_class_name; + sxe_class_entry->serialize = zend_class_serialize_deny; + sxe_class_entry->unserialize = zend_class_unserialize_deny; - php_libxml_register_export(sxe_class_entry, simplexml_export_node); PHP_MINIT(sxe)(INIT_FUNC_ARGS_PASSTHRU);
Modified: php/php-src/trunk/ext/simplexml/simplexml.c
===================================================================
--- php/php-src/trunk/ext/simplexml/simplexml.c 2009-10-07 12:46:11 UTC (rev 289278)
+++ php/php-src/trunk/ext/simplexml/simplexml.c 2009-10-07 12:46:29 UTC (rev 289279)
@@ -2588,6 +2588,8 @@
 sxe_class_entry = zend_register_internal_class(&sxe TSRMLS_CC);
 sxe_class_entry->get_iterator = php_sxe_get_iterator;
 sxe_class_entry->iterator_funcs.funcs = &php_sxe_iterator_funcs;
+ sxe_class_entry->serialize = zend_class_serialize_deny;
+ sxe_class_entry->unserialize = zend_class_unserialize_deny;
 zend_class_implements(sxe_class_entry TSRMLS_CC, 1, zend_ce_traversable);
 sxe_object_handlers.get_method = zend_get_std_object_handlers()->get_method;
 sxe_object_handlers.get_constructor = zend_get_std_object_handlers()->get_constructor;
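Review bot: In the PHP_5_3 hunk of ext/simplexml/simplexml.c the line `php_libxml_register_export(sxe_class_entry, simplexml_export_node);` is shown with a `-` in front of it, and the header counts (8 old lines, 9 new) fit exactly one removed line next to the two additions. If the removed line is only whitespace that is harmless, but as rendered it cannot be told apart from dropping the export registration, which neither the PHP_5_2 nor the trunk hunk touches; please confirm the call is still present on that branch after the commit. The assignments also sit after the `sxe_object_handlers` setup here but directly after `iterator_funcs.funcs` in the other two branches, and placing them identically would keep the branches easy to compare. The enclosing function starts and ends outside the hunk.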