colder          Mon Dec 22 14:11:50 2008 UTC

  Modified files:              (Branch: PHP_5_3)
    /ZendEngine2        zend_closures.c zend_interfaces.c zend_interfaces.h 
    /php-src/ext/spl    spl_directory.c 
  Log:
  MFH: Fix #46646 (Implement zend functions to restrict serialization of 
internal classes)
  
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_closures.c?r1=1.3.2.15&r2=1.3.2.16&diff_format=u
Index: ZendEngine2/zend_closures.c
diff -u ZendEngine2/zend_closures.c:1.3.2.15 
ZendEngine2/zend_closures.c:1.3.2.16
--- ZendEngine2/zend_closures.c:1.3.2.15        Thu Nov 27 19:01:19 2008
+++ ZendEngine2/zend_closures.c Mon Dec 22 14:11:49 2008
@@ -17,11 +17,12 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: zend_closures.c,v 1.3.2.15 2008/11/27 19:01:19 dmitry Exp $ */
+/* $Id: zend_closures.c,v 1.3.2.16 2008/12/22 14:11:49 colder Exp $ */
 
 #include "zend.h"
 #include "zend_API.h"
 #include "zend_closures.h"
+#include "zend_interfaces.h"
 #include "zend_objects.h"
 #include "zend_objects_API.h"
 #include "zend_globals.h"
@@ -79,20 +80,6 @@
 }
 /* }}} */
 
-static int zend_closure_serialize(zval *object, unsigned char **buffer, 
zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC) /* {{{ */
-{
-       zend_error(E_RECOVERABLE_ERROR, "Serialization of 'Closure' is not 
allowed");
-       return FAILURE;
-}
-/* }}} */
-
-static int zend_closure_unserialize(zval **object, zend_class_entry *ce, const 
unsigned char *buf, zend_uint buf_len, zend_unserialize_data *data TSRMLS_DC) 
/* {{{ */
-{
-       zend_error(E_RECOVERABLE_ERROR, "Unserialization of 'Closure' is not 
allowed");
-       return FAILURE;
-}
-/* }}} */
-
 static int zend_closure_compare_objects(zval *o1, zval *o2 TSRMLS_DC) /* {{{ */
 {
        return (Z_OBJ_HANDLE_P(o1) != Z_OBJ_HANDLE_P(o2));
@@ -243,8 +230,8 @@
        zend_ce_closure = zend_register_internal_class(&ce TSRMLS_CC);
        zend_ce_closure->ce_flags |= ZEND_ACC_FINAL_CLASS;
        zend_ce_closure->create_object = zend_closure_new;
-       zend_ce_closure->serialize = zend_closure_serialize;
-       zend_ce_closure->unserialize = zend_closure_unserialize;
+       zend_ce_closure->serialize = zend_class_serialize_deny;
+       zend_ce_closure->unserialize = zend_class_unserialize_deny;
 
        memcpy(&closure_handlers, zend_get_std_object_handlers(), 
sizeof(zend_object_handlers));
        closure_handlers.get_constructor = zend_closure_get_constructor;
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_interfaces.c?r1=1.33.2.4.2.6.2.10&r2=1.33.2.4.2.6.2.11&diff_format=u
Index: ZendEngine2/zend_interfaces.c
diff -u ZendEngine2/zend_interfaces.c:1.33.2.4.2.6.2.10 
ZendEngine2/zend_interfaces.c:1.33.2.4.2.6.2.11
--- ZendEngine2/zend_interfaces.c:1.33.2.4.2.6.2.10     Thu Nov 27 19:01:19 2008
+++ ZendEngine2/zend_interfaces.c       Mon Dec 22 14:11:49 2008
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: zend_interfaces.c,v 1.33.2.4.2.6.2.10 2008/11/27 19:01:19 dmitry Exp $ 
*/
+/* $Id: zend_interfaces.c,v 1.33.2.4.2.6.2.11 2008/12/22 14:11:49 colder Exp $ 
*/
 
 #include "zend.h"
 #include "zend_API.h"
@@ -463,6 +463,21 @@
 }
 /* }}} */
 
+ZEND_API int zend_class_serialize_deny(zval *object, unsigned char **buffer, 
zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC) /* {{{ */
+{
+       zend_class_entry *ce = Z_OBJCE_P(object);
+       zend_throw_exception_ex(NULL, 0 TSRMLS_CC, "Serialization of '%s' is 
not allowed", ce->name);
+       return FAILURE;
+}
+/* }}} */
+
+ZEND_API int zend_class_unserialize_deny(zval **object, zend_class_entry *ce, 
const unsigned char *buf, zend_uint buf_len, zend_unserialize_data *data 
TSRMLS_DC) /* {{{ */
+{
+       zend_throw_exception_ex(NULL, 0 TSRMLS_CC, "Unserialization of '%s' is 
not allowed", ce->name);
+       return FAILURE;
+}
+/* }}} */
+
 /* {{{ zend_implement_serializable */
 static int zend_implement_serializable(zend_class_entry *interface, 
zend_class_entry *class_type TSRMLS_DC)
 {
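Review bot: The two new exported handlers, `zend_class_serialize_deny` and `zend_class_unserialize_deny`, carry no comment stating their contract, and as ZEND_API symbols other extensions will depend on it. Both throw through `zend_throw_exception_ex(NULL, ...)`, return FAILURE and never write `*buffer`, `*buf_len` or `*object`, so callers must check the return value before reading the out-parameters, and a class is only covered when both `ce->serialize` and `ce->unserialize` are set, as the zend_closures.c and spl_directory.c hunks do. I would add something like `/* ce->serialize handler that always throws and returns FAILURE; out-params are not written. Install together with zend_class_unserialize_deny. */` above each definition, and the matching wording on the prototypes in the zend_interfaces.h hunk. The trailing context lines belong to zend_implement_serializable, whose body continues outside the hunk.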
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_interfaces.h?r1=1.11.2.1.2.2.2.2&r2=1.11.2.1.2.2.2.3&diff_format=u
Index: ZendEngine2/zend_interfaces.h
diff -u ZendEngine2/zend_interfaces.h:1.11.2.1.2.2.2.2 
ZendEngine2/zend_interfaces.h:1.11.2.1.2.2.2.3
--- ZendEngine2/zend_interfaces.h:1.11.2.1.2.2.2.2      Sun Aug 24 18:22:33 2008
+++ ZendEngine2/zend_interfaces.h       Mon Dec 22 14:11:49 2008
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: zend_interfaces.h,v 1.11.2.1.2.2.2.2 2008/08/24 18:22:33 colder Exp $ 
*/
+/* $Id: zend_interfaces.h,v 1.11.2.1.2.2.2.3 2008/12/22 14:11:49 colder Exp $ 
*/
 
 #ifndef ZEND_INTERFACES_H
 #define ZEND_INTERFACES_H
@@ -64,6 +64,9 @@
 ZEND_API int zend_user_serialize(zval *object, unsigned char **buffer, 
zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC);
 ZEND_API int zend_user_unserialize(zval **object, zend_class_entry *ce, const 
unsigned char *buf, zend_uint buf_len, zend_unserialize_data *data TSRMLS_DC);
 
+ZEND_API int zend_class_serialize_deny(zval *object, unsigned char **buffer, 
zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC);
+ZEND_API int zend_class_unserialize_deny(zval **object, zend_class_entry *ce, 
const unsigned char *buf, zend_uint buf_len, zend_unserialize_data *data 
TSRMLS_DC);
+
 END_EXTERN_C()
 
 #endif /* ZEND_INTERFACES_H */
http://cvs.php.net/viewvc.cgi/php-src/ext/spl/spl_directory.c?r1=1.45.2.27.2.23.2.38&r2=1.45.2.27.2.23.2.39&diff_format=u
Index: php-src/ext/spl/spl_directory.c
diff -u php-src/ext/spl/spl_directory.c:1.45.2.27.2.23.2.38 
php-src/ext/spl/spl_directory.c:1.45.2.27.2.23.2.39
--- php-src/ext/spl/spl_directory.c:1.45.2.27.2.23.2.38 Thu Nov 27 19:01:23 2008
+++ php-src/ext/spl/spl_directory.c     Mon Dec 22 14:11:49 2008
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: spl_directory.c,v 1.45.2.27.2.23.2.38 2008/11/27 19:01:23 dmitry Exp $ 
*/
+/* $Id: spl_directory.c,v 1.45.2.27.2.23.2.39 2008/12/22 14:11:49 colder Exp $ 
*/
 
 #ifdef HAVE_CONFIG_H
 # include "config.h"
@@ -2610,6 +2610,8 @@
        spl_filesystem_object_handlers.clone_obj       = 
spl_filesystem_object_clone;
        spl_filesystem_object_handlers.cast_object     = 
spl_filesystem_object_cast;
        spl_filesystem_object_handlers.get_debug_info  = 
spl_filesystem_object_get_debug_info;
+       spl_ce_SplFileInfo->serialize = zend_class_serialize_deny;
+       spl_ce_SplFileInfo->unserialize = zend_class_unserialize_deny;
 
        REGISTER_SPL_SUB_CLASS_EX(DirectoryIterator, SplFileInfo, 
spl_filesystem_object_new, spl_DirectoryIterator_functions);
        zend_class_implements(spl_ce_DirectoryIterator TSRMLS_CC, 1, 
zend_ce_iterator);
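Review bot: The position of the two added assignments, directly before `REGISTER_SPL_SUB_CLASS_EX(DirectoryIterator, SplFileInfo, ...)`, looks load-bearing but is not commented. If sub-classes copy the parent's `serialize`/`unserialize` handlers at registration time (that code is not in this diff), moving these lines below the sub-class registrations would leave DirectoryIterator and any later descendants serializable again; a comment such as `/* must precede sub-class registration so the deny handlers are inherited */` would guard against that. Unlike Closure, which the zend_closures.c hunk shows is flagged `ZEND_ACC_FINAL_CLASS`, SplFileInfo is extended, so it is worth confirming that a userland subclass implementing Serializable cannot replace the deny handlers with `zend_user_serialize`/`zend_user_unserialize`. The enclosing init function starts and ends outside the hunk.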


