MFH: Fix #46646 (Implement zend functions to restrict serialization or internal classes)

1 files changed, 15 insertions, 0 deletions

diff --git a/Zend/zend_interfaces.c b/Zend/zend_interfaces.c
index b4edac5aee..a5a938e35b 100755
--- a/Zend/zend_interfaces.c
+++ b/Zend/zend_interfaces.c
@@ -463,6 +463,21 @@ ZEND_API int zend_user_unserialize(zval **object, zend_class_entry *ce, const un
 }
 /* }}} */
 
+ZEND_API int zend_class_serialize_deny(zval *object, unsigned char **buffer, zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC) /* {{{ */
+{
+	zend_class_entry *ce = Z_OBJCE_P(object);
+	zend_throw_exception_ex(NULL, 0 TSRMLS_CC, "Serialization of '%s' is not allowed", ce->name);
+	return FAILURE;
+}
+/* }}} */
+
+ZEND_API int zend_class_unserialize_deny(zval **object, zend_class_entry *ce, const unsigned char *buf, zend_uint buf_len, zend_unserialize_data *data TSRMLS_DC) /* {{{ */
+{
+	zend_throw_exception_ex(NULL, 0 TSRMLS_CC, "Unserialization of '%s' is not allowed", ce->name);
+	return FAILURE;
+}
+/* }}} */
+
 /* {{{ zend_implement_serializable */
 static int zend_implement_serializable(zend_class_entry *interface, zend_class_entry *class_type TSRMLS_DC)
 {