summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGustavo André dos Santos Lopes <cataphract@php.net>2011-06-30 09:26:35 +0000
committerGustavo André dos Santos Lopes <cataphract@php.net>2011-06-30 09:26:35 +0000
commit3dafd9549de139a2be946b7f12790900036a7ec3 (patch)
tree3d19e594d73ce59ca408473f01e72f121bef0a70
parent85bf6f032969ee2e92cd2e0804bfad2852e453e6 (diff)
downloadphp-git-3dafd9549de139a2be946b7f12790900036a7ec3.tar.gz
- Fixed bug #55082 (var_export() doesn't escape properties properly).
Diffstat
-rw-r--r--NEWS2
-rw-r--r--ext/standard/tests/general_functions/var_export_basic9.phpt11
-rw-r--r--ext/standard/var.c14
3 files changed, 24 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index de4c5f15e6..414f66f8ec 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,8 @@ PHP NEWS
?? ??? 2011, PHP 5.3.7
- Core:
. Fixed crash in error_log(). (Felipe) Reported by Mateusz Kocielski.
+ . Fixed bug #55082 (var_export() doesn't escape properties properly).
+ (Gustavo)
- DateTime extension:
. Fixed bug where the DateTime object got changed while using date_diff().
diff --git a/ext/standard/tests/general_functions/var_export_basic9.phpt b/ext/standard/tests/general_functions/var_export_basic9.phpt
new file mode 100644
index 0000000000..3c9706edfd
--- /dev/null
+++ b/ext/standard/tests/general_functions/var_export_basic9.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #55082: var_export() doesn't escape properties properly
+--FILE--
+<?php
+ $x = new stdClass();
+ $x->{'\'\\'} = 7;
+ echo var_export($x);
+--EXPECT--
+stdClass::__set_state(array(
+ '\'\\' => 7,
+))
diff --git a/ext/standard/var.c b/ext/standard/var.c
index 409bca6132..46dfc29391 100644
--- a/ext/standard/var.c
+++ b/ext/standard/var.c
@@ -387,18 +387,26 @@ static int php_object_element_export(zval **zv TSRMLS_DC, int num_args, va_list
{
int level;
smart_str *buf;
- char *prop_name, *class_name;
level = va_arg(args, int);
buf = va_arg(args, smart_str *);
buffer_append_spaces(buf, level + 2);
if (hash_key->nKeyLength != 0) {
- zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1, &class_name, &prop_name);
+ char *class_name, /* ignored, but must be passed to unmangle */
+ *pname,
+ *pname_esc;
+ int pname_esc_len;
+
+ zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1,
+ &class_name, &pname);
+ pname_esc = php_addcslashes(pname, strlen(pname), &pname_esc_len, 0,
+ "'\\", 2 TSRMLS_CC);
smart_str_appendc(buf, '\'');
- smart_str_appends(buf, prop_name);
+ smart_str_appendl(buf, pname_esc, pname_esc_len);
smart_str_appendc(buf, '\'');
+ efree(pname_esc);
} else {
smart_str_append_long(buf, hash_key->h);
}
View Lorry Controller Status