authorMark <mrandall@digitellinc.com>2019-10-04 20:38:49 +0100
committerNikita Popov <nikita.ppv@gmail.com>2019-10-07 10:24:41 +0200
commit52376c177dc10993dccdaa1ff20c347c8dda6d0a (patch)
tree4732345daecb4c0ee6f4f0645c7830ae3ec251ef /ext/xml
parentdd61edfd7cf5ebe03b502a8da647e01fa0f4f8b5 (diff)
Fix bug #78563
Make XmlParser final, unclonable and unserializable. Closes GH-4778.
Diffstat (limited to 'ext/xml')
-rw-r--r--ext/xml/tests/bug78563.phpt17
-rw-r--r--ext/xml/tests/bug78563_final.phpt15
-rw-r--r--ext/xml/tests/bug78563_serialize.phpt18
-rw-r--r--ext/xml/xml.c8
4 files changed, 56 insertions, 2 deletions
diff --git a/ext/xml/tests/bug78563.phpt b/ext/xml/tests/bug78563.phpt
new file mode 100644
index 0000000000..3203bbddc6
--- /dev/null
+++ b/ext/xml/tests/bug78563.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #78563: parsers should not be clonable
+--SKIPIF--
+<?php include("skipif.inc"); ?>
+--FILE--
+<?php
+
+$parser = xml_parser_create();
+clone $parser;
+
+?>
+===DONE===
+--EXPECTF--
+Fatal error: Uncaught Error: Trying to clone an uncloneable object of class XmlParser in %s:%d
+Stack trace:
+#0 {main}
+ thrown in %s on line %d
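Review bot: The `===DONE===` marker after `?>` is never emitted, because the script dies at `clone $parser;` and the EXPECTF section correctly omits it. The same leftover appears in bug78563_final.phpt and bug78563_serialize.phpt. I would drop the marker from all three files so the test body does not suggest that execution reaches the end of the script.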
diff --git a/ext/xml/tests/bug78563_final.phpt b/ext/xml/tests/bug78563_final.phpt
new file mode 100644
index 0000000000..23fac0d9bf
--- /dev/null
+++ b/ext/xml/tests/bug78563_final.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #78563: parsers should not be extendable
+--SKIPIF--
+<?php include("skipif.inc"); ?>
+--FILE--
+<?php
+
+class Dummy extends Xmlparser {
+
+}
+
+?>
+===DONE===
+--EXPECTF--
+Fatal error: Class Dummy may not inherit from final class (XmlParser) in %s on line %d
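Review bot: The class is spelled `Xmlparser` in `class Dummy extends Xmlparser {`, while the registered name and the expected message use `XmlParser`. PHP resolves class names case-insensitively, so the test works, but the mismatch reads like a typo. I would write `class Dummy extends XmlParser {` to match the other two tests.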
diff --git a/ext/xml/tests/bug78563_serialize.phpt b/ext/xml/tests/bug78563_serialize.phpt
new file mode 100644
index 0000000000..d480446d24
--- /dev/null
+++ b/ext/xml/tests/bug78563_serialize.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug #78563: parsers should not be serializable
+--SKIPIF--
+<?php include("skipif.inc"); ?>
+--FILE--
+<?php
+
+$parser = xml_parser_create();
+serialize($parser);
+
+?>
+===DONE===
+--EXPECTF--
+Fatal error: Uncaught Exception: Serialization of 'XmlParser' is not allowed in %s:%d
+Stack trace:
+#0 %s(%d): serialize(Object(XmlParser))
+#1 {main}
+ thrown in %s on line %d
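Review bot: Only `serialize($parser)` is exercised here, although the commit also installs `zend_class_unserialize_deny`, and unserialize() is the direction that receives attacker-controlled input. I would add a companion test (for example bug78563_unserialize.phpt) that passes a serialized string naming XmlParser to `unserialize()` and expects rejection rather than a constructed parser object. Whether the deny handler covers every serialized object form in this PHP version is not visible from the diff, so the test should pin the behaviour for each form the engine accepts.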
diff --git a/ext/xml/xml.c b/ext/xml/xml.c
index f0ffcac961..a033accfdb 100644
--- a/ext/xml/xml.c
+++ b/ext/xml/xml.c
@@ -26,6 +26,7 @@
#include "ext/standard/php_string.h"
#include "ext/standard/info.h"
#include "ext/standard/html.h"
+#include "zend_interfaces.h"
#if HAVE_XML
@@ -308,15 +309,18 @@ PHP_MINIT_FUNCTION(xml)
{
zend_class_entry ce;
INIT_CLASS_ENTRY(ce, "XmlParser", xml_parser_methods);
- ce.create_object = xml_parser_create_object;
- ce.ce_flags |= ZEND_ACC_FINAL;
xml_parser_ce = zend_register_internal_class(&ce);
+ xml_parser_ce->create_object = xml_parser_create_object;
+ xml_parser_ce->ce_flags |= ZEND_ACC_FINAL;
+ xml_parser_ce->serialize = zend_class_serialize_deny;
+ xml_parser_ce->unserialize = zend_class_unserialize_deny;
memcpy(&xml_parser_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
xml_parser_object_handlers.offset = XtOffsetOf(xml_parser, std);
xml_parser_object_handlers.free_obj = xml_parser_free_obj;
xml_parser_object_handlers.get_gc = xml_parser_get_gc;
xml_parser_object_handlers.get_constructor = xml_parser_get_constructor;
+ xml_parser_object_handlers.clone_obj = NULL;
REGISTER_LONG_CONSTANT("XML_ERROR_NONE", XML_ERROR_NONE, CONST_CS|CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("XML_ERROR_NO_MEMORY", XML_ERROR_NO_MEMORY, CONST_CS|CONST_PERSISTENT);
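Review bot: The assignments moved below `zend_register_internal_class(&ce)` carry no comment saying why the order matters, so a later cleanup could move them back onto the temporary `ce`. The new bug78563_final test suggests the old `ce.ce_flags |= ZEND_ACC_FINAL;` did not survive registration; I would add `/* Must be set on the registered entry; flags set on the temporary ce were not applied. */` above the `create_object` line. A second comment above `clone_obj = NULL`, such as `/* Parser state lives in xml_parser around std; the default clone handler would not set it up. */`, would record why the object is uncloneable. That reason is inferred from the `offset` and `free_obj` lines and should be confirmed against xml_parser_create_object. The PHP_MINIT_FUNCTION body continues outside the hunk.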