Forbid dynamic calls to scope introspection functions

Per RFC: https://wiki.php.net/rfc/forbid_dynamic_scope_introspection
author: Nikita Popov <nikic@php.net> 2016-04-24 23:49:52 +0200
committer: Nikita Popov <nikic@php.net> 2016-05-24 20:48:24 +0200
commit: 91f5940329fede8a26b64e99d4d6d858fe8654cc (patch)
tree: b5874f30a7d0d3c4bec3503aeac4d5b097da9e43 /ext/mbstring/mbstring.c
parent: 674297c7e41013c2c34d770051714518d0586271 (diff)
download: php-git-91f5940329fede8a26b64e99d4d6d858fe8654cc.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
index 514c4fc1b6..423f357eae 100644
--- a/ext/mbstring/mbstring.c
+++ b/ext/mbstring/mbstring.c
@@ -2097,8 +2097,13 @@ PHP_FUNCTION(mb_parse_str)
 		detected = _php_mb_encoding_handler_ex(&info, track_vars_array, encstr);
 	} else {
 		zval tmp;
-		zend_array *symbol_table = zend_rebuild_symbol_table();
+		zend_array *symbol_table;
+		if (zend_forbid_dynamic_call("mb_parse_str() with a single argument") == FAILURE) {
+			efree(encstr);
+			return;
+		}
 
+		symbol_table = zend_rebuild_symbol_table();
 		ZVAL_ARR(&tmp, symbol_table);
 		detected = _php_mb_encoding_handler_ex(&info, &tmp, encstr);
 	}
author	Nikita Popov <nikic@php.net>	2016-04-24 23:49:52 +0200
committer	Nikita Popov <nikic@php.net>	2016-05-24 20:48:24 +0200
commit	91f5940329fede8a26b64e99d4d6d858fe8654cc (patch)
tree	b5874f30a7d0d3c4bec3503aeac4d5b097da9e43 /ext/mbstring/mbstring.c
parent	674297c7e41013c2c34d770051714518d0586271 (diff)
download	php-git-91f5940329fede8a26b64e99d4d6d858fe8654cc.tar.gz