diff options
| author | Nikita Popov <nikic@php.net> | 2016-04-24 23:49:52 +0200 |
|---|---|---|
| committer | Nikita Popov <nikic@php.net> | 2016-05-24 20:48:24 +0200 |
| commit | 91f5940329fede8a26b64e99d4d6d858fe8654cc (patch) | |
| tree | b5874f30a7d0d3c4bec3503aeac4d5b097da9e43 /ext/standard/string.c | |
| parent | 674297c7e41013c2c34d770051714518d0586271 (diff) | |
| download | php-git-91f5940329fede8a26b64e99d4d6d858fe8654cc.tar.gz | |
Forbid dynamic calls to scope introspection functions
Per RFC:
https://wiki.php.net/rfc/forbid_dynamic_scope_introspection
Diffstat (limited to 'ext/standard/string.c')
| -rw-r--r-- | ext/standard/string.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ext/standard/string.c b/ext/standard/string.c index b2fcfa0ec3..1305e7f920 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -4605,8 +4605,13 @@ PHP_FUNCTION(parse_str) if (arrayArg == NULL) { zval tmp; - zend_array *symbol_table = zend_rebuild_symbol_table(); + zend_array *symbol_table; + if (zend_forbid_dynamic_call("parse_str() with a single argument") == FAILURE) { + efree(res); + return; + } + symbol_table = zend_rebuild_symbol_table(); ZVAL_ARR(&tmp, symbol_table); sapi_module.treat_data(PARSE_STRING, res, &tmp); } else { |