diff options
author | Benjamin Eberlei <kontakt@beberlei.de> | 2019-04-28 17:30:09 +0200 |
---|---|---|
committer | Peter Kokot <peterkokot@gmail.com> | 2019-05-14 23:49:55 +0200 |
commit | 050d299364ded5cb7b878bc515aa763c9c623c4b (patch) | |
tree | cc7889b31883295c121f61f270f1fbff8eda9975 /Zend | |
parent | f1a53501e649d7d5d9fe9d0d8c47c6139de5f29e (diff) | |
download | php-git-050d299364ded5cb7b878bc515aa763c9c623c4b.tar.gz |
Fix bug #62397 - disable_functions does not work with eval.
Diffstat (limited to 'Zend')
-rw-r--r-- | Zend/tests/errmsg_046.phpt | 14 | ||||
-rw-r--r-- | Zend/zend_API.c | 12 |
2 files changed, 26 insertions, 0 deletions
diff --git a/Zend/tests/errmsg_046.phpt b/Zend/tests/errmsg_046.phpt new file mode 100644 index 0000000000..0a4ec50183 --- /dev/null +++ b/Zend/tests/errmsg_046.phpt @@ -0,0 +1,14 @@ +--TEST-- +errmsg: disabled eval function +--INI-- +disable_functions=eval +--FILE-- +<?php + +eval('echo "Eval";'); + +echo "Done\n"; +?> +--EXPECTF-- +Warning: eval() has been disabled for security reasons in %s on line %d +Done diff --git a/Zend/zend_API.c b/Zend/zend_API.c index a7a83185ad..a6115db38c 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -2757,6 +2757,12 @@ ZEND_API int zend_set_hash_symbol(zval *symbol, const char *name, int name_lengt /* Disabled functions support */ +zend_op_array *display_disabled_compile_string(zval *source_string, char *filename) +{ + zend_error(E_WARNING, "eval() has been disabled for security reasons"); + return NULL; +} + /* {{{ proto void display_disabled_function(void) Dummy function which displays an error when a disabled function is called. */ ZEND_API ZEND_FUNCTION(display_disabled_function) @@ -2768,6 +2774,12 @@ ZEND_API ZEND_FUNCTION(display_disabled_function) ZEND_API int zend_disable_function(char *function_name, size_t function_name_length) /* {{{ */ { zend_internal_function *func; + + if (strcmp(function_name, "eval") == 0) { + zend_compile_string = display_disabled_compile_string; + return SUCCESS; + } + if ((func = zend_hash_str_find_ptr(CG(function_table), function_name, function_name_length))) { func->fn_flags &= ~(ZEND_ACC_VARIADIC | ZEND_ACC_HAS_TYPE_HINTS); func->num_args = 0; |