author | Christopher Jones <sixd@php.net> | 2013-06-25 17:28:11 -0700 |
---|---|---|
committer | Christopher Jones <sixd@php.net> | 2013-06-25 17:28:11 -0700 |
commit | 111b385afe40674a08d5ab76f659a1e236f0da60 (patch) | |
tree | f3cb43a2315a3d22579d76b1514cf87882ef1384 | |
parent | 5d0094e5f9f8bd49c615f2ec2542384f802d340d (diff) | |
parent | a689fde2bf77d950901edb6be28dcfa9a8ff0b9c (diff) | |
Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4
# By Felipe Pena
# Via Felipe Pena
* 'PHP-5.4' of https://git.php.net/repository/php-src:
- BFN
- Fixed bug #62672 (Error on serialize of ArrayObject) patch by: lior dot k at zend dot com
- BFN
- Fixed bug #62964 (Possible XSS on "Registered stream filters" info) patch by: david at nnucomputerwhiz dot com
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | ext/spl/spl_array.c | 2 | ||||
-rw-r--r-- | ext/spl/tests/bug62672.phpt | 31 | ||||
-rw-r--r-- | ext/standard/info.c | 6 |
4 files changed, 41 insertions, 2 deletions
@@ -7,6 +7,10 @@ PHP NEWS (David Soria Parra, Laruence) . Fixed bug #65088 (Generated configure script is malformed on OpenBSD). (Adam) + . Fixed bug #62964 (Possible XSS on "Registered stream filters" info). + (david at nnucomputerwhiz dot com) + . Fixed bug #62672 (Error on serialize of ArrayObject). + (lior dot k at zend dot com) . Fixed bug #60732 (php_error_docref links to invalid pages). (Jakub Vrana) - CLI server: diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c index 2c2c87d027..40fbb4c8f6 100644 --- a/ext/spl/spl_array.c +++ b/ext/spl/spl_array.c @@ -1778,7 +1778,7 @@ SPL_METHOD(Array, unserialize) ++p; if (*p!='m') { - if (*p!='a' && *p!='O' && *p!='C') { + if (*p!='a' && *p!='O' && *p!='C' && *p!='r') { goto outexcept; } intern->ar_flags &= ~SPL_ARRAY_CLONE_MASK; diff --git a/ext/spl/tests/bug62672.phpt b/ext/spl/tests/bug62672.phpt new file mode 100644 index 0000000000..d0d6a62451 --- /dev/null +++ b/ext/spl/tests/bug62672.phpt @@ -0,0 +1,31 @@ +--TEST-- +Bug #62672 (Error on serialize of ArrayObject) +--FILE-- +<?php + +class ObjA +{ + private $_varA; + + public function __construct(Iterator $source) + { + $this->_varA = $source; + } +} + +class ObjB extends ObjA +{ + private $_varB; + + public function __construct(ArrayObject $keys) + { + $this->_varB = $keys; + parent::__construct($keys->getIterator()); + } +} + +$obj = new ObjB(new ArrayObject()); + +var_dump($obj == unserialize(serialize($obj))); +--EXPECTF-- +bool(true) diff --git a/ext/standard/info.c b/ext/standard/info.c index e171f72b57..6bc406fede 100644 --- a/ext/standard/info.c +++ b/ext/standard/info.c 
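Review bot: The tag check in SPL_METHOD(Array, unserialize) in ext/spl/spl_array.c now accepts `r` alongside `a`, `O` and `C`, but nothing on the line says what each tag stands for or why a back-reference is acceptable at this point. A comment above the condition such as `/* a: array, O/C: object, r: back-reference to an already-unserialized value (bug #62672) */` would make the intent reviewable. An `r` entry in serialized input can presumably resolve to a value of any type, so the code that follows should still reject anything that is not an array or object once the value has been unserialized. That part of the method lies outside the hunk, so it could not be confirmed here.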
@@ -125,7 +125,11 @@ static void php_info_print_stream_hash(const char *name, HashTable *ht TSRMLS_DC zend_hash_internal_pointer_reset_ex(ht, &pos); while (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) { - php_info_print(key); + if (!sapi_module.phpinfo_as_text) { + php_info_print_html_esc(key, len-1); + } else { + php_info_print(key); + } zend_hash_move_forward_ex(ht, &pos); if (zend_hash_get_current_key_ex(ht, &key, &len, NULL, 0, &pos) == HASH_KEY_IS_STRING) { php_info_print(", "); |
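Review bot: `php_info_print_html_esc(key, len-1)` in php_info_print_stream_hash relies on the key length returned by `zend_hash_get_current_key_ex` counting the terminating NUL, and the line gives no hint of that. A short comment such as `/* len includes the trailing NUL */` would keep a later edit from "correcting" the `-1`. The diffstat shows a new test only for bug #62672, so the escaping added for bug #62964 has no regression test; a phpt that checks the HTML output for a registered name containing markup characters would cover it. The start of the function, where `name` is printed, is outside the hunk and was not reviewed.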