Add flag to forbid dynamic property creation on internal classes

While performing resource -> object migrations, we're adding
defensive classes that are final, non-serializable and non-clonable
(unless they are, of course). This path adds a ZEND_ACC_NO_DYNAMIC_PROPERTIES
flag, that also forbids the creation of dynamic properties on these objects.
This is a subset of #3931 and targeted at internal usage only
(though may be extended to userland at some point in the future).

It's already possible to achieve this (what the removed
WeakRef/WeakMap code does), but there's some caveats: First, this
simple approach is only possible if the class has no declared
properties, otherwise it's necessary to special-case those
properties. Second, it's easy to make it overly strict, e.g. by
forbidding isset($obj->prop) as well. And finally, it requires a
lot of boilerplate code for each class.

Closes GH-5572.

1 files changed, 1 insertions, 1 deletions

diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index af58d37ff5..d8b408d19d 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -1193,7 +1193,7 @@ PHP_MINIT_FUNCTION(curl)
 	zend_class_entry ce;
 	INIT_CLASS_ENTRY(ce, "CurlHandle", class_CurlHandle_methods);
 	curl_ce = zend_register_internal_class(&ce);
-	curl_ce->ce_flags |= ZEND_ACC_FINAL;
+	curl_ce->ce_flags |= ZEND_ACC_FINAL | ZEND_ACC_NO_DYNAMIC_PROPERTIES;
 	curl_ce->create_object = curl_create_object;
 	curl_ce->serialize = zend_class_serialize_deny;
 	curl_ce->unserialize = zend_class_unserialize_deny;