Merge branch 'PHP-5.5' into PHP-5.6

* PHP-5.5:
  Added validation of class names in the autoload process

Conflicts:
	NEWS

2 files changed, 21 insertions, 0 deletions

diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index 769b333d9d..bcce7418d5 100644
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -1076,6 +1076,14 @@ ZEND_API int zend_lookup_class_ex(const char *name, int name_length, const zend_
 		return FAILURE;
 	}
 
+	/* Verify class name before passing it to __autoload() */
+	if (strspn(name, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\177\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\252\253\254\255\256\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377\\") != name_length) {
+		if (!key) {
+			free_alloca(lc_free, use_heap);
+		}
+		return FAILURE;
+	}
+	
 	if (EG(in_autoload) == NULL) {
 		ALLOC_HASHTABLE(EG(in_autoload));
 		zend_hash_init(EG(in_autoload), 0, NULL, NULL, 0);
diff --git a/tests/classes/autoload_021.phpt b/tests/classes/autoload_021.phpt
new file mode 100644
index 0000000000..13562b4000
--- /dev/null
+++ b/tests/classes/autoload_021.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Validation of class names in the autoload process
+--FILE--
+<?php
+function __autoload($name) {
+	echo "$name\n";
+}
+$a = "../BUG";
+$x = new $a;
+echo "BUG\n";
+?>
+--EXPECTF--
+Fatal error: Class '../BUG' not found in %sautoload_021.php on line 6