diff options
| author | Nikita Popov <nikita.ppv@gmail.com> | 2020-04-27 13:17:37 +0200 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-04-30 09:53:57 +0200 |
| commit | 53eee290b6f5ca531aef19885a392c939013ce36 (patch) | |
| tree | 1eac8e854e60f39bd3432f92a603f9f0b9d41169 /Zend/zend_API.c | |
| parent | 8cb237345a50f724aca35133da7155b6bc47d133 (diff) | |
| download | php-git-53eee290b6f5ca531aef19885a392c939013ce36.tar.gz | |
Completely remove disabled functions from function table
Currently, disabling a function only replaces the internal
function handler with one that throws a warning, and a few
places in the engine special-case such functions, such as
function_exists. This leaves us with a Schrödinger's function,
which both does not exist (function_exists returns false) and
does exist (you cannot define a function with the same name).
In particular, this prevents the implementation of robust
polyfills, as reported in https://bugs.php.net/bug.php?id=79382:
if (!function_exists('getallheaders')) {
function getallheaders(...) { ... }
}
If getallheaders() is a disabled function, this code will break.
This patch changes disable_functions to remove the functions from
the function table completely. For all intents and purposes, it
will look like the function does not exist.
This also renders two bits of PHP functionality obsolete and thus
deprecated:
* ReflectionFunction::isDisabled(), as it will no longer be
possible to construct the ReflectionFunction of a disabled
function in the first place.
* get_defined_functions() with $exclude_disabled=false, as
get_defined_functions() now never returns disabled functions.
Fixed bug #79382.
Closes GH-5473.
Diffstat (limited to 'Zend/zend_API.c')
| -rw-r--r-- | Zend/zend_API.c | 20 |
1 files changed, 1 insertions, 19 deletions
diff --git a/Zend/zend_API.c b/Zend/zend_API.c index 37c8820164..d2fb08d2d9 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -2686,27 +2686,9 @@ ZEND_API int zend_set_hash_symbol(zval *symbol, const char *name, int name_lengt /* Disabled functions support */ -/* {{{ proto void display_disabled_function(void) -Dummy function which displays an error when a disabled function is called. */ -ZEND_API ZEND_COLD ZEND_FUNCTION(display_disabled_function) -{ - zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name()); -} -/* }}} */ - ZEND_API int zend_disable_function(char *function_name, size_t function_name_length) /* {{{ */ { - zend_internal_function *func; - if ((func = zend_hash_str_find_ptr(CG(function_table), function_name, function_name_length))) { - zend_free_internal_arg_info(func); - func->fn_flags &= ~(ZEND_ACC_VARIADIC | ZEND_ACC_HAS_TYPE_HINTS | ZEND_ACC_HAS_RETURN_TYPE); - func->num_args = 0; - func->required_num_args = 0; - func->arg_info = NULL; - func->handler = ZEND_FN(display_disabled_function); - return SUCCESS; - } - return FAILURE; + return zend_hash_str_del(CG(function_table), function_name, function_name_length); } /* }}} */ |