| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | ext/spl/spl_array.c | 2 | ||||
| -rw-r--r-- | ext/spl/tests/bug62672.phpt | 31 | ||||
| -rw-r--r-- | ext/standard/info.c | 6 |
4 files changed, 41 insertions, 2 deletions
@@ -7,6 +7,10 @@ PHP NEWS (David Soria Parra, Laruence) . Fixed bug #65088 (Generated configure script is malformed on OpenBSD). (Adam) + . Fixed bug #62964 (Possible XSS on "Registered stream filters" info). + (david at nnucomputerwhiz dot com) + . Fixed bug #62672 (Error on serialize of ArrayObject). + (lior dot k at zend dot com) . Fixed bug #60732 (php_error_docref links to invalid pages). (Jakub Vrana) - CLI server: diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c index 2c2c87d027..40fbb4c8f6 100644 --- a/ext/spl/spl_array.c +++ b/ext/spl/spl_array.c @@ -1778,7 +1778,7 @@ SPL_METHOD(Array, unserialize) ++p; if (*p!='m') { - if (*p!='a' && *p!='O' && *p!='C') { + if (*p!='a' && *p!='O' && *p!='C' && *p!='r') { goto outexcept; } intern->ar_flags &= ~SPL_ARRAY_CLONE_MASK; diff --git a/ext/spl/tests/bug62672.phpt b/ext/spl/tests/bug62672.phpt new file mode 100644 index 0000000000..d0d6a62451 --- /dev/null +++ b/ext/spl/tests/bug62672.phpt @@ -0,0 +1,31 @@ +--TEST-- +Bug #62672 (Error on serialize of ArrayObject) +--FILE-- +<?php + +class ObjA +{ + private $_varA; + + public function __construct(Iterator $source) + { + $this->_varA = $source; + } +} + +class ObjB extends ObjA +{ + private $_varB; + + public function __construct(ArrayObject $keys) + { + $this->_varB = $keys; + parent::__construct($keys->getIterator()); + } +} + +$obj = new ObjB(new ArrayObject()); + +var_dump($obj == unserialize(serialize($obj))); +--EXPECTF-- +bool(true) diff --git a/ext/standard/info.c b/ext/standard/info.c index e171f72b57..6bc406fede 100644 --- a/ext/standard/info.c +++ b/ext/standard/info.c 
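Review bot: In ext/spl/spl_array.c, accepting `'r'` in the tag check means the first byte no longer determines the type of the storage: `a`, `O` and `C` can only decode to an array or an object, while an `r` back-reference resolves to whatever an earlier slot in the same payload held. The code that unserializes and then uses the storage lies outside this hunk, so it is not visible whether the decoded type is checked there. If it is not, add a check right after that call, along the lines of `if (Z_TYPE_P(storage) != IS_ARRAY && Z_TYPE_P(storage) != IS_OBJECT) goto outexcept;`, with `storage` standing for the zval that call fills. Input to unserialize() is often attacker-influenced, so the type should be established from the decoded value rather than from the tag byte.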
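Review bot: ext/spl/tests/bug62672.phpt covers only the successful round trip, so nothing verifies that a malformed ArrayObject payload is still rejected now that the tag check is wider. A second case that passes `unserialize()` a payload whose storage slot does not decode to an array or object, and expects unserialization to fail, would guard the error path. The expected output has no format placeholders, so `--EXPECT--` would do in place of `--EXPECTF--`.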
@@ -125,7 +125,11 @@ static void php_info_print_stream_hash(const char *name, HashTable *ht TSRMLS_DC zend_hash_internal_pointer_reset_ex(ht, &pos); while (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) { - php_info_print(key); + if (!sapi_module.phpinfo_as_text) { + php_info_print_html_esc(key, len-1); + } else { + php_info_print(key); + } zend_hash_move_forward_ex(ht, &pos); if (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) { php_info_print(", "); |
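Review bot: `php_info_print_html_esc(key, len-1)` depends on `len` counting the key's terminating NUL, which nothing in the hunk states. A short comment such as `/* len includes the trailing NUL */` on that line would keep a later refactor from passing the wrong length to the escaper. The commit also adds no regression test for bug #62964 (the diffstat lists only bug62672.phpt), so the escaping of registered names in HTML output is unverified. Such a test would have to run under an HTML-emitting SAPI, since text mode takes the unescaped branch. php_info_print_stream_hash starts and ends outside this hunk, so whether `name` is escaped where it is printed cannot be judged from here.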
