Commit:    a0dff6fdcae1f4eaa96e68d1429fd38876c2796e
Author:    Stanislav Malyshev <s...@php.net>         Sat, 12 May 2012 22:12:48 
-0700
Parents:   9344bf193c6e35c8706923953f3e63bb01cc05ed
Branches:  PHP-5.4

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=a0dff6fdcae1f4eaa96e68d1429fd38876c2796e

Log:
fix bug #61782 - __clone/__destruct do not match other methods when checking 
access controls

Bugs:
https://bugs.php.net/61782

Changed paths:
  M  NEWS
  A  Zend/tests/bug61782.phpt
  M  Zend/zend_object_handlers.c
  M  Zend/zend_object_handlers.h
  M  Zend/zend_objects.c
  M  Zend/zend_vm_def.h
  M  Zend/zend_vm_execute.h

diff --git a/NEWS b/NEWS
index a4486c8..01beab5 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,8 @@ PHP                                                           
             NEWS
     member of a null object). (Laruence)
   . Fixed bug #61978 (Object recursion not detected for classes that implement
     JsonSerializable). (Felipe)
+  . Fixed bug #61782 (__clone/__destruct do not match other methods when 
checking
+    access controls). (Stas)
   . Fixed bug #61730 (Segfault from array_walk modifying an array passed by
     reference). (Laruence)
   . Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config).
diff --git a/Zend/tests/bug61782.phpt b/Zend/tests/bug61782.phpt
new file mode 100644
index 0000000..95bf4e6
--- /dev/null
+++ b/Zend/tests/bug61782.phpt
@@ -0,0 +1,29 @@
+--TEST--
+Bug #61782 (__clone/__destruct do not match other methods when checking access 
controls)
+--FILE--
+<?php
+ abstract class BaseClass {
+        abstract protected function __clone();
+    }
+
+    class MommasBoy extends BaseClass {
+        protected function __clone() {
+            echo __METHOD__, "\n";
+        }
+    }
+
+    class LatchkeyKid extends BaseClass {
+        public function __construct() {
+            echo 'In ', __CLASS__, ":\n";
+            $kid = new MommasBoy();
+            $kid = clone $kid;
+        }
+        public function __clone() {}
+    }
+
+    $obj = new LatchkeyKid();
+echo "DONE\n";
+--EXPECT--
+In LatchkeyKid:
+MommasBoy::__clone
+DONE
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
index ba6221e..60095f7 100644
--- a/Zend/zend_object_handlers.c
+++ b/Zend/zend_object_handlers.c
@@ -66,11 +66,11 @@ ZEND_API void rebuild_object_properties(zend_object *zobj) 
/* {{{ */
                             
zend_hash_get_current_data_ex(&ce->properties_info, (void**)&prop_info, &pos) 
== SUCCESS;
                             zend_hash_move_forward_ex(&ce->properties_info, 
&pos)) {
                                if (/*prop_info->ce == ce &&*/
-                                   (prop_info->flags & ZEND_ACC_STATIC) == 0 
&& 
+                                   (prop_info->flags & ZEND_ACC_STATIC) == 0 &&
                                    prop_info->offset >= 0 &&
                                    zobj->properties_table[prop_info->offset]) {
                                        zend_hash_quick_add(zobj->properties, 
prop_info->name, prop_info->name_length+1, prop_info->h, 
(void**)&zobj->properties_table[prop_info->offset], sizeof(zval*), 
(void**)&zobj->properties_table[prop_info->offset]);
-                               }                               
+                               }
                        }
                        while (ce->parent && 
ce->parent->default_properties_count) {
                                ce = ce->parent;
@@ -78,12 +78,12 @@ ZEND_API void rebuild_object_properties(zend_object *zobj) 
/* {{{ */
                                     
zend_hash_get_current_data_ex(&ce->properties_info, (void**)&prop_info, &pos) 
== SUCCESS;
                                     
zend_hash_move_forward_ex(&ce->properties_info, &pos)) {
                                        if (prop_info->ce == ce &&
-                                           (prop_info->flags & 
ZEND_ACC_STATIC) == 0 && 
-                                           (prop_info->flags & 
ZEND_ACC_PRIVATE) != 0 && 
+                                           (prop_info->flags & 
ZEND_ACC_STATIC) == 0 &&
+                                           (prop_info->flags & 
ZEND_ACC_PRIVATE) != 0 &&
                                            prop_info->offset >= 0 &&
                                                
zobj->properties_table[prop_info->offset]) {
                                                
zend_hash_quick_add(zobj->properties, prop_info->name, 
prop_info->name_length+1, prop_info->h, 
(void**)&zobj->properties_table[prop_info->offset], sizeof(zval*), 
(void**)&zobj->properties_table[prop_info->offset]);
-                                       }                               
+                                       }
                                }
                        }
                }
@@ -783,7 +783,7 @@ static void zend_std_unset_property(zval *object, zval 
*member, const zend_liter
        property_info = zend_get_property_info_quick(zobj->ce, member, 
(zobj->ce->__unset != NULL), key TSRMLS_CC);
 
        if (EXPECTED(property_info != NULL) &&
-           EXPECTED((property_info->flags & ZEND_ACC_STATIC) == 0) && 
+           EXPECTED((property_info->flags & ZEND_ACC_STATIC) == 0) &&
            !zobj->properties &&
            property_info->offset >= 0 &&
            EXPECTED(zobj->properties_table[property_info->offset] != NULL)) {
@@ -815,8 +815,8 @@ static void zend_std_unset_property(zval *object, zval 
*member, const zend_liter
                                }
                        }
                }
-       } else if (EXPECTED(property_info != NULL) && 
-                  EXPECTED((property_info->flags & ZEND_ACC_STATIC) == 0) && 
+       } else if (EXPECTED(property_info != NULL) &&
+                  EXPECTED((property_info->flags & ZEND_ACC_STATIC) == 0) &&
                   property_info->offset >= 0) {
                zobj->properties_table[property_info->offset] = NULL;
        }
@@ -960,12 +960,6 @@ ZEND_API int zend_check_protected(zend_class_entry *ce, 
zend_class_entry *scope)
 }
 /* }}} */
 
-static inline zend_class_entry * zend_get_function_root_class(zend_function 
*fbc) /* {{{ */
-{
-       return fbc->common.prototype ? fbc->common.prototype->common.scope : 
fbc->common.scope;
-}
-/* }}} */
-
 static inline union _zend_function 
*zend_get_user_call_function(zend_class_entry *ce, const char *method_name, int 
method_len) /* {{{ */
 {
        zend_internal_function *call_user_call = 
emalloc(sizeof(zend_internal_function));
@@ -1143,7 +1137,7 @@ ZEND_API zend_function 
*zend_std_get_static_method(zend_class_entry *ce, const c
                zend_str_tolower_copy(lc_function_name, function_name_strval, 
function_name_strlen);
                hash_value = zend_hash_func(lc_function_name, 
function_name_strlen+1);
        }
-       
+
        if (function_name_strlen == ce->name_length && ce->constructor) {
                lc_class_name = zend_str_tolower_dup(ce->name, ce->name_length);
                /* Only change the method to the constructor if the constructor 
isn't called __construct
@@ -1178,7 +1172,7 @@ ZEND_API zend_function 
*zend_std_get_static_method(zend_class_entry *ce, const c
        if (UNEXPECTED(!(fbc->common.fn_flags & ZEND_ACC_STATIC))) {
                zend_error_noreturn(E_ERROR, "Cannot call non static method 
%s::%s() without object", ZEND_FN_SCOPE_NAME(fbc), fbc->common.function_name);
        }
-#endif 
+#endif
        if (fbc->op_array.fn_flags & ZEND_ACC_PUBLIC) {
                /* No further checks necessary, most common case */
        } else if (fbc->op_array.fn_flags & ZEND_ACC_PRIVATE) {
@@ -1220,7 +1214,7 @@ ZEND_API zval 
**zend_std_get_static_property(zend_class_entry *ce, const char *p
 {
        zend_property_info *property_info;
        ulong hash_value;
-       
+
        if (UNEXPECTED(!key) ||
            (property_info = CACHED_POLYMORPHIC_PTR(key->cache_slot, ce)) == 
NULL) {
                if (EXPECTED(key != NULL)) {
diff --git a/Zend/zend_object_handlers.h b/Zend/zend_object_handlers.h
index 32c0a67..d0d7a7b 100644
--- a/Zend/zend_object_handlers.h
+++ b/Zend/zend_object_handlers.h
@@ -146,6 +146,9 @@ struct _zend_object_handlers {
 
 extern ZEND_API zend_object_handlers std_object_handlers;
 
+#define zend_get_function_root_class(fbc) \
+       ((fbc)->common.prototype ? (fbc)->common.prototype->common.scope : 
(fbc)->common.scope)
+
 BEGIN_EXTERN_C()
 ZEND_API union _zend_function *zend_std_get_static_method(zend_class_entry 
*ce, const char *function_name_strval, int function_name_strlen, const struct 
_zend_literal *key TSRMLS_DC);
 ZEND_API zval **zend_std_get_static_property(zend_class_entry *ce, const char 
*property_name, int property_name_len, zend_bool silent, const struct 
_zend_literal *key TSRMLS_DC);
diff --git a/Zend/zend_objects.c b/Zend/zend_objects.c
index 7fadcf7..f7470fa 100644
--- a/Zend/zend_objects.c
+++ b/Zend/zend_objects.c
@@ -28,7 +28,7 @@
 
 ZEND_API void zend_object_std_init(zend_object *object, zend_class_entry *ce 
TSRMLS_DC)
 {
-       object->ce = ce;        
+       object->ce = ce;
        object->properties = NULL;
        object->properties_table = NULL;
        object->guards = NULL;
@@ -38,7 +38,7 @@ ZEND_API void zend_object_std_dtor(zend_object *object 
TSRMLS_DC)
 {
        if (object->guards) {
                zend_hash_destroy(object->guards);
-               FREE_HASHTABLE(object->guards);         
+               FREE_HASHTABLE(object->guards);
        }
        if (object->properties) {
                zend_hash_destroy(object->properties);
@@ -74,23 +74,23 @@ ZEND_API void zend_objects_destroy_object(zend_object 
*object, zend_object_handl
                                if (object->ce != EG(scope)) {
                                        zend_class_entry *ce = object->ce;
 
-                                       zend_error(EG(in_execution) ? E_ERROR : 
E_WARNING, 
-                                               "Call to private 
%s::__destruct() from context '%s'%s", 
-                                               ce->name, 
-                                               EG(scope) ? EG(scope)->name : 
"", 
+                                       zend_error(EG(in_execution) ? E_ERROR : 
E_WARNING,
+                                               "Call to private 
%s::__destruct() from context '%s'%s",
+                                               ce->name,
+                                               EG(scope) ? EG(scope)->name : 
"",
                                                EG(in_execution) ? "" : " 
during shutdown ignored");
                                        return;
                                }
                        } else {
                                /* Ensure that if we're calling a protected 
function, we're allowed to do so.
                                 */
-                               if 
(!zend_check_protected(destructor->common.scope, EG(scope))) {
+                               if 
(!zend_check_protected(zend_get_function_root_class(destructor), EG(scope))) {
                                        zend_class_entry *ce = object->ce;
 
-                                       zend_error(EG(in_execution) ? E_ERROR : 
E_WARNING, 
-                                               "Call to protected 
%s::__destruct() from context '%s'%s", 
-                                               ce->name, 
-                                               EG(scope) ? EG(scope)->name : 
"", 
+                                       zend_error(EG(in_execution) ? E_ERROR : 
E_WARNING,
+                                               "Call to protected 
%s::__destruct() from context '%s'%s",
+                                               ce->name,
+                                               EG(scope) ? EG(scope)->name : 
"",
                                                EG(in_execution) ? "" : " 
during shutdown ignored");
                                        return;
                                }
@@ -139,7 +139,7 @@ ZEND_API void zend_objects_free_object_storage(zend_object 
*object TSRMLS_DC)
 }
 
 ZEND_API zend_object_value zend_objects_new(zend_object **object, 
zend_class_entry *class_type TSRMLS_DC)
-{      
+{
        zend_object_value retval;
 
        *object = emalloc(sizeof(zend_object));
@@ -222,7 +222,7 @@ ZEND_API zend_object_value zend_objects_clone_obj(zval 
*zobject TSRMLS_DC)
        zend_object *new_object;
        zend_object_handle handle = Z_OBJ_HANDLE_P(zobject);
 
-       /* assume that create isn't overwritten, so when clone depends on the 
+       /* assume that create isn't overwritten, so when clone depends on the
         * overwritten one then it must itself be overwritten */
        old_object = zend_objects_get_address(zobject TSRMLS_CC);
        new_obj_val = zend_objects_new(&new_object, old_object->ce TSRMLS_CC);
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index 8cceb19..5a3ae49 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -2442,7 +2442,7 @@ ZEND_VM_HANDLER(59, ZEND_INIT_FCALL_BY_NAME, ANY, 
CONST|TMP|VAR|CV)
                                if (UNEXPECTED(EX(fbc) == NULL)) {
                                        zend_error_noreturn(E_ERROR, "Call to 
undefined method %s::%s()", Z_OBJ_CLASS_NAME_P(EX(object)), 
Z_STRVAL_PP(method));
                                }
-                               
+
                                if ((EX(fbc)->common.fn_flags & 
ZEND_ACC_STATIC) != 0) {
                                        EX(object) = NULL;
                                } else {
@@ -2974,7 +2974,7 @@ ZEND_VM_HANDLER(107, ZEND_CATCH, CONST, CV)
                catch_ce = CACHED_PTR(opline->op1.literal->cache_slot);
        } else {
                catch_ce = zend_fetch_class_by_name(Z_STRVAL_P(opline->op1.zv), 
Z_STRLEN_P(opline->op1.zv), opline->op1.literal + 1, 
ZEND_FETCH_CLASS_NO_AUTOLOAD TSRMLS_CC);
-               
+
                CACHE_PTR(opline->op1.literal->cache_slot, catch_ce);
        }
        ce = Z_OBJCE_P(EG(exception));
@@ -3426,7 +3426,7 @@ ZEND_VM_HANDLER(110, ZEND_CLONE, CONST|TMP|VAR|UNUSED|CV, 
ANY)
                } else if ((clone->common.fn_flags & ZEND_ACC_PROTECTED)) {
                        /* Ensure that if we're calling a protected function, 
we're allowed to do so.
                         */
-                       if 
(UNEXPECTED(!zend_check_protected(clone->common.scope, EG(scope)))) {
+                       if 
(UNEXPECTED(!zend_check_protected(zend_get_function_root_class(clone), 
EG(scope)))) {
                                zend_error_noreturn(E_ERROR, "Call to protected 
%s::__clone() from context '%s'", ce->name, EG(scope) ? EG(scope)->name : "");
                        }
                }
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index 68ba74b..1fb6e76 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -2436,7 +2436,7 @@ static int ZEND_FASTCALL  
ZEND_CLONE_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS
                } else if ((clone->common.fn_flags & ZEND_ACC_PROTECTED)) {
                        /* Ensure that if we're calling a protected function, 
we're allowed to do so.
                         */
-                       if 
(UNEXPECTED(!zend_check_protected(clone->common.scope, EG(scope)))) {
+                       if 
(UNEXPECTED(!zend_check_protected(zend_get_function_root_class(clone), 
EG(scope)))) {
                                zend_error_noreturn(E_ERROR, "Call to protected 
%s::__clone() from context '%s'", ce->name, EG(scope) ? EG(scope)->name : "");
                        }
                }
@@ -6850,7 +6850,7 @@ static int ZEND_FASTCALL  
ZEND_CLONE_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
                } else if ((clone->common.fn_flags & ZEND_ACC_PROTECTED)) {
                        /* Ensure that if we're calling a protected function, 
we're allowed to do so.
                         */
-                       if 
(UNEXPECTED(!zend_check_protected(clone->common.scope, EG(scope)))) {
+                       if 
(UNEXPECTED(!zend_check_protected(zend_get_function_root_class(clone), 
EG(scope)))) {
                                zend_error_noreturn(E_ERROR, "Call to protected 
%s::__clone() from context '%s'", ce->name, EG(scope) ? EG(scope)->name : "");
                        }
                }
@@ -11278,7 +11278,7 @@ static int ZEND_FASTCALL  
ZEND_CLONE_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
                } else if ((clone->common.fn_flags & ZEND_ACC_PROTECTED)) {
                        /* Ensure that if we're calling a protected function, 
we're allowed to do so.
                         */
-                       if 
(UNEXPECTED(!zend_check_protected(clone->common.scope, EG(scope)))) {
+                       if 
(UNEXPECTED(!zend_check_protected(zend_get_function_root_class(clone), 
EG(scope)))) {
                                zend_error_noreturn(E_ERROR, "Call to protected 
%s::__clone() from context '%s'", ce->name, EG(scope) ? EG(scope)->name : "");
                        }
                }
@@ -21475,7 +21475,7 @@ static int ZEND_FASTCALL  
ZEND_CLONE_SPEC_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARG
                } else if ((clone->common.fn_flags & ZEND_ACC_PROTECTED)) {
                        /* Ensure that if we're calling a protected function, 
we're allowed to do so.
                         */
-                       if 
(UNEXPECTED(!zend_check_protected(clone->common.scope, EG(scope)))) {
+                       if 
(UNEXPECTED(!zend_check_protected(zend_get_function_root_class(clone), 
EG(scope)))) {
                                zend_error_noreturn(E_ERROR, "Call to protected 
%s::__clone() from context '%s'", ce->name, EG(scope) ? EG(scope)->name : "");
                        }
                }
@@ -27222,7 +27222,7 @@ static int ZEND_FASTCALL  
ZEND_CLONE_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
                } else if ((clone->common.fn_flags & ZEND_ACC_PROTECTED)) {
                        /* Ensure that if we're calling a protected function, 
we're allowed to do so.
                         */
-                       if 
(UNEXPECTED(!zend_check_protected(clone->common.scope, EG(scope)))) {
+                       if 
(UNEXPECTED(!zend_check_protected(zend_get_function_root_class(clone), 
EG(scope)))) {
                                zend_error_noreturn(E_ERROR, "Call to protected 
%s::__clone() from context '%s'", ce->name, EG(scope) ? EG(scope)->name : "");
                        }
                }
-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to