author | Nikita Popov <nikita.ppv@gmail.com> | 2020-10-26 16:54:30 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-10-26 16:54:30 +0100 |
commit | 6d3695a217c8a3a295fc723a8bd079db05984b70 (patch) | |
tree | afbbdeae85e2f45507fe6a2d412f7a55f35da0f2 | |
parent | 70388cc0edf91acd3899860798fcf418928a9fb4 (diff) | |
Deny serialization of finfo objects
The resulting objects were already unusable, make it error out
earlier.
-rw-r--r-- | ext/fileinfo/fileinfo.c | 5 | ||||
-rw-r--r-- | ext/fileinfo/tests/clone_serialize.phpt | 4 |
2 files changed, 6 insertions, 3 deletions
diff --git a/ext/fileinfo/fileinfo.c b/ext/fileinfo/fileinfo.c
index 3e05913ec2..add971b6d6 100644
--- a/ext/fileinfo/fileinfo.c
+++ b/ext/fileinfo/fileinfo.c
@@ -35,6 +35,7 @@
 #include "fileinfo_arginfo.h"
 #include "fopen_wrappers.h" /* needed for is_url */
 #include "Zend/zend_exceptions.h"
+#include "Zend/zend_interfaces.h"
 /* {{{ macros and type definitions */
 typedef struct _php_fileinfo {
@@ -132,8 +133,10 @@ PHP_MINIT_FUNCTION(finfo)
 {
 zend_class_entry _finfo_class_entry;
 INIT_CLASS_ENTRY(_finfo_class_entry, "finfo", class_finfo_methods);
- _finfo_class_entry.create_object = finfo_objects_new;
 finfo_class_entry = zend_register_internal_class(&_finfo_class_entry);
+ finfo_class_entry->create_object = finfo_objects_new;
+ finfo_class_entry->serialize = zend_class_serialize_deny;
+ finfo_class_entry->unserialize = zend_class_unserialize_deny;
 /* copy the standard object handlers to you handler table */
 memcpy(&finfo_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
diff --git a/ext/fileinfo/tests/clone_serialize.phpt b/ext/fileinfo/tests/clone_serialize.phpt
index dec16a485e..a249819796 100644
--- a/ext/fileinfo/tests/clone_serialize.phpt
+++ b/ext/fileinfo/tests/clone_serialize.phpt
@@ -14,7 +14,7 @@ try {
 try {
 $finfo3 = unserialize(serialize($finfo));
 var_dump($finfo3->buffer("Test string"));
-} catch (Error $e) {
+} catch (Exception $e) {
 echo $e->getMessage(), "\n";
 }
@@ -22,4 +22,4 @@ try {
 --EXPECTF--
 string(%d) "%s"
 Trying to clone an uncloneable object of class finfo
-Invalid finfo object
+Serialization of 'finfo' is not allowed |
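Review bot: The three handler assignments added to PHP_MINIT_FUNCTION(finfo) carry no comment saying why finfo refuses serialization, and moving `create_object` from the stack template onto the registered entry is not explained either. Going by the commit message, a round-tripped object was already unusable, so a one-line comment above the new lines would record the intent, e.g. `/* finfo state cannot be restored from a serialized string; refuse (un)serialization up front */`. The unserialize handler is the security-relevant half, since unserialize() may be handed untrusted input, and the comment could say so. Code that serialized an object graph containing a finfo will now get an exception at serialize() time rather than on later use; no upgrade note is among the two changed files. The function body continues outside the hunk.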
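Review bot: The `unserialize(serialize($finfo))` call in this try block only exercises the serialize side, because serialize() throws before unserialize() runs, so the newly installed `zend_class_unserialize_deny` handler has no coverage in this test. A separate try block that passes a hand-written serialized finfo string to unserialize() and echoes the exception message would pin that path, which is the one that matters when the input is untrusted. Narrowing the catch to `Exception` also means an `Error` raised in this block would now escape uncaught; that is presumably intended, but a short comment in the test would make it explicit.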