summaryrefslogtreecommitdiff
path: root/ext/standard/array.c
diff options
context:
space:
mode:
authorIlia Alshanetsky <iliaa@php.net>2004-07-08 17:07:22 +0000
committerIlia Alshanetsky <iliaa@php.net>2004-07-08 17:07:22 +0000
commit79c28f76180d98e2d4c6ba8320768a987fb0f79f (patch)
treea8f058fa1cfb6ab5ea697a4df364ad08604dc4e7 /ext/standard/array.c
parentc176a0ae209750843bd32fbd75ace2a21a368c59 (diff)
downloadphp-git-79c28f76180d98e2d4c6ba8320768a987fb0f79f.tar.gz
Fixed bug #29049 (array sorting via user function/method does not validate
it).
Diffstat (limited to 'ext/standard/array.c')
-rw-r--r--ext/standard/array.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/ext/standard/array.c b/ext/standard/array.c
index 0100d02cd3..d9c0216f8d 100644
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -569,6 +569,14 @@ static int array_user_compare(const void *a, const void *b TSRMLS_DC)
}
}
+/* check is comparison function is valid */
+#define PHP_ARRAY_CMP_FUNC_CHECK(func_name) \
+ if (!zend_is_callable(*func_name, 0, NULL)) { \
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid comparison function."); \
+ BG(user_compare_func_name) = old_compare_func; \
+ RETURN_FALSE; \
+ } \
+
/* {{{ proto bool usort(array array_arg, string cmp_function)
Sort an array by values using a user-defined comparison function */
PHP_FUNCTION(usort)
@@ -590,6 +598,9 @@ PHP_FUNCTION(usort)
BG(user_compare_func_name) = old_compare_func;
RETURN_FALSE;
}
+
+ PHP_ARRAY_CMP_FUNC_CHECK(BG(user_compare_func_name))
+
if (zend_hash_sort(target_hash, zend_qsort, array_user_compare, 1 TSRMLS_CC) == FAILURE) {
BG(user_compare_func_name) = old_compare_func;
RETURN_FALSE;
@@ -619,6 +630,9 @@ PHP_FUNCTION(uasort)
BG(user_compare_func_name) = old_compare_func;
RETURN_FALSE;
}
+
+ PHP_ARRAY_CMP_FUNC_CHECK(BG(user_compare_func_name))
+
if (zend_hash_sort(target_hash, zend_qsort, array_user_compare, 0 TSRMLS_CC) == FAILURE) {
BG(user_compare_func_name) = old_compare_func;
RETURN_FALSE;
@@ -694,6 +708,9 @@ PHP_FUNCTION(uksort)
BG(user_compare_func_name) = old_compare_func;
RETURN_FALSE;
}
+
+ PHP_ARRAY_CMP_FUNC_CHECK(BG(user_compare_func_name))
+
if (zend_hash_sort(target_hash, zend_qsort, array_user_key_compare, 0 TSRMLS_CC) == FAILURE) {
BG(user_compare_func_name) = old_compare_func;
RETURN_FALSE;
View Lorry Controller Status