-rw-r--r-- | ext/standard/var_unserializer.re | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index 6aa9526b86..fb1ab2f496 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -1171,6 +1171,12 @@ object ":" uiv ":" ["] {
 break;
 }
 
+ if (!zend_is_valid_class_name(class_name)) {
+ zend_string_release_ex(lc_name, 0);
+ zend_string_release_ex(class_name, 0);
+ return 0;
+ }
+
 /* Try to find class directly */
 BG(serialize_lock)++;
 ce = zend_lookup_class_ex(class_name, lc_name, 0);
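Review bot: The new `zend_is_valid_class_name()` guard returns 0 with no comment saying why it sits at this point, and the placement is the security-relevant part: it keeps a class name taken from the serialized input from reaching `zend_lookup_class_ex()` on the lines below, which presumably can invoke autoloading. I would add above the `if`: `/* Reject malformed class names from the payload before they reach class lookup/autoload. */`. The `break;` in the context just above leaves before this check, so that earlier path should be confirmed to handle only names that are already known or validated; the enclosing rule starts and ends outside the hunk, so this cannot be verified here. The diffstat shows a single file changed, so a regression test that passes an invalid class name to unserialize() and asserts failure without any autoload call would be worth adding.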