Commit:    f45a0f31c8354947c0e2b9ea44a63fc0a2c23a01
Author:    Nikita Popov <ni...@php.net>         Mon, 20 Aug 2012 16:01:16 +0200
Parents:   1823b16fa15894f72fc01724766289dbecf5a62a
Branches:  master

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=f45a0f31c8354947c0e2b9ea44a63fc0a2c23a01

Log:
Disallow serialization and unserialization

Changed paths:
  A  Zend/tests/generators/errors/serialize_unserialize_error.phpt
  M  Zend/zend_generators.c


Diff:
diff --git a/Zend/tests/generators/errors/serialize_unserialize_error.phpt 
b/Zend/tests/generators/errors/serialize_unserialize_error.phpt
new file mode 100644
index 0000000..a8470b0
--- /dev/null
+++ b/Zend/tests/generators/errors/serialize_unserialize_error.phpt
@@ -0,0 +1,46 @@
+--TEST--
+Generators can't be serialized or unserialized
+--FILE--
+<?php
+
+function gen() { yield; }
+
+$gen = gen();
+
+try {
+    serialize($gen);
+} catch (Exception $e) {
+    echo $e, "\n\n";
+}
+
+try {
+    var_dump(unserialize('O:9:"Generator":0:{}'));
+} catch (Exception $e) {
+    echo $e, "\n\n";
+}
+
+try {
+    var_dump(unserialize('C:9:"Generator":0:{}'));
+} catch (Exception $e) {
+    echo $e;
+}
+
+?>
+--EXPECTF--
+exception 'Exception' with message 'Serialization of 'Generator' is not 
allowed' in %s:%d
+Stack trace:
+#0 %s(%d): serialize(Object(Generator))
+#1 {main}
+
+exception 'Exception' with message 'Unserialization of 'Generator' is not 
allowed' in %s:%d
+Stack trace:
+#0 [internal function]: Generator->__wakeup()
+#1 %s(%d): unserialize('O:9:"Generator"...')
+#2 {main}
+
+
+Notice: unserialize(): Error at offset 19 of 20 bytes in %s on line %d
+exception 'Exception' with message 'Unserialization of 'Generator' is not 
allowed' in %s:%d
+Stack trace:
+#0 %s(%d): unserialize('C:9:"Generator"...')
+#1 {main}
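Review bot: Both unserialize cases use an empty body (`:0:{}`), so the test never covers an `O:` payload that declares properties. That is presumably the input for which the unserializer does the most work on the new object before `Generator->__wakeup()` throws. One more case with a non-empty property list, expecting the same "Unserialization of 'Generator' is not allowed" exception, would confirm that a populated object is rejected and released cleanly. A note in the `--TEST--` description that the `O:` and `C:` formats take different rejection paths would also explain why both are listed.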
diff --git a/Zend/zend_generators.c b/Zend/zend_generators.c
index 41c6dfc..b4d8932 100644
--- a/Zend/zend_generators.c
+++ b/Zend/zend_generators.c
@@ -590,6 +590,23 @@ ZEND_METHOD(Generator, send)
        }
 }
 
+
+/* {{{ proto void Generator::__wakeup
+ * Throws an Exception as generators can't be serialized */
+ZEND_METHOD(Generator, __wakeup)
+{
+       /* Just specifying the zend_class_unserialize_deny handler is not 
enough,
+        * because it is only invoked for C unserialization. For O the error has
+        * to be thrown in __wakeup. */
+
+       if (zend_parse_parameters_none() == FAILURE) {
+               return;
+       }
+
+       zend_throw_exception(NULL, "Unserialization of 'Generator' is not 
allowed", 0 TSRMLS_CC);
+}
+/* }}} */
+
 /* get_iterator implementation */
 
 typedef struct _zend_generator_iterator {
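Review bot: Rejecting `O:`-format input from inside `Generator::__wakeup` means the guard runs after the unserializer has already instantiated the object (presumably through the class's `create_object` handler) and applied whatever the payload carried, not instead of that work. The free and destructor handlers are outside this hunk, and they should be confirmed to tolerate a generator that never received an execution context. I would extend the block comment with `* The object already exists when __wakeup runs, so the free/dtor handlers must cope with an uninitialised generator.` Separately, the proto comment describes the wrong direction for this method and should read `* Throws an Exception as generators can't be unserialized */`.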
@@ -712,12 +729,13 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_generator_send, 0, 0, 1)
 ZEND_END_ARG_INFO()
 
 static const zend_function_entry generator_functions[] = {
-       ZEND_ME(Generator, rewind,  arginfo_generator_void, ZEND_ACC_PUBLIC)
-       ZEND_ME(Generator, valid,   arginfo_generator_void, ZEND_ACC_PUBLIC)
-       ZEND_ME(Generator, current, arginfo_generator_void, ZEND_ACC_PUBLIC)
-       ZEND_ME(Generator, key,     arginfo_generator_void, ZEND_ACC_PUBLIC)
-       ZEND_ME(Generator, next,    arginfo_generator_void, ZEND_ACC_PUBLIC)
-       ZEND_ME(Generator, send,    arginfo_generator_send, ZEND_ACC_PUBLIC)
+       ZEND_ME(Generator, rewind,   arginfo_generator_void, ZEND_ACC_PUBLIC)
+       ZEND_ME(Generator, valid,    arginfo_generator_void, ZEND_ACC_PUBLIC)
+       ZEND_ME(Generator, current,  arginfo_generator_void, ZEND_ACC_PUBLIC)
+       ZEND_ME(Generator, key,      arginfo_generator_void, ZEND_ACC_PUBLIC)
+       ZEND_ME(Generator, next,     arginfo_generator_void, ZEND_ACC_PUBLIC)
+       ZEND_ME(Generator, send,     arginfo_generator_send, ZEND_ACC_PUBLIC)
+       ZEND_ME(Generator, __wakeup, arginfo_generator_void, ZEND_ACC_PUBLIC)
        ZEND_FE_END
 };
 
@@ -729,6 +747,8 @@ void zend_register_generator_ce(TSRMLS_D) /* {{{ */
        zend_ce_generator = zend_register_internal_class(&ce TSRMLS_CC);
        zend_ce_generator->ce_flags |= ZEND_ACC_FINAL_CLASS;
        zend_ce_generator->create_object = zend_generator_create;
+       zend_ce_generator->serialize = zend_class_serialize_deny;
+       zend_ce_generator->unserialize = zend_class_unserialize_deny;
 
        /* get_iterator has to be assigned *after* implementing the inferface */
        zend_class_implements(zend_ce_generator TSRMLS_CC, 1, zend_ce_iterator);
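Review bot: These two assignments read as if they fully block (un)serialization, but the comment added on `Generator::__wakeup` says the `unserialize` handler is only invoked for `C:`-format input. A short comment here would keep a later cleanup from dropping `__wakeup` as redundant: `/* unserialize handler covers only the "C:" format; "O:" input is rejected in Generator::__wakeup */`. The body of `zend_register_generator_ce` starts and continues outside this hunk.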

