clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-21 09:57:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

User serialize_deny for PDOStatement as well

Browse Source
This commit is contained in:
Nikita Popov 2018-11-26 13:30:57 +01:00
parent 6e4b202694
commit 28edeb2ba3
2 changed files with 5 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
UPGRADING
View File

@ -32,9 +32,9 @@ PHP 7.4 UPGRADE NOTES
INTL_IDNA_VARIANT_UTS46 instead of the deprecated INTL_IDNA_VARIANT_2003.
- PDO:
. Attempting to serialize a PDO instance will now generate an Exception
rather than a PDOException, consistent with other internal classes which
do not support serialization.
. Attempting to serialize a PDO or PDOStatement instance will now generate
an Exception rather than a PDOException, consistent with other internal
classes which do not support serialization.
- Reflection:
. Reflection objects will now generate an exception if an attempt is made

20
ext/pdo/pdo_stmt.c
View File

@ -2145,22 +2145,6 @@ static PHP_METHOD(PDOStatement, debugDumpParams)
}
/* }}} */
/* {{{ proto PDOStatement::__wakeup()
Prevents use of a PDOStatement instance that has been unserialized */
static PHP_METHOD(PDOStatement, __wakeup)
{
zend_throw_exception_ex(php_pdo_get_exception(), 0, "You cannot serialize or unserialize PDOStatement instances");
}
/* }}} */
/* {{{ proto int PDOStatement::__sleep()
Prevents serialization of a PDOStatement instance */
static PHP_METHOD(PDOStatement, __sleep)
{
zend_throw_exception_ex(php_pdo_get_exception(), 0, "You cannot serialize or unserialize PDOStatement instances");
}
/* }}} */
const zend_function_entry pdo_dbstmt_functions[] = {
PHP_ME(PDOStatement, execute, arginfo_pdostatement_execute, ZEND_ACC_PUBLIC)
PHP_ME(PDOStatement, fetch, arginfo_pdostatement_fetch, ZEND_ACC_PUBLIC)
@ -2181,8 +2165,6 @@ const zend_function_entry pdo_dbstmt_functions[] = {
PHP_ME(PDOStatement, nextRowset, arginfo_pdostatement__void, ZEND_ACC_PUBLIC)
PHP_ME(PDOStatement, closeCursor, arginfo_pdostatement__void, ZEND_ACC_PUBLIC)
PHP_ME(PDOStatement, debugDumpParams, arginfo_pdostatement__void, ZEND_ACC_PUBLIC)
PHP_ME(PDOStatement, __wakeup, arginfo_pdostatement__void, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL)
PHP_ME(PDOStatement, __sleep, arginfo_pdostatement__void, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL)
PHP_FE_END
};
@ -2283,6 +2265,8 @@ void pdo_stmt_init(void)
pdo_dbstmt_ce = zend_register_internal_class(&ce);
pdo_dbstmt_ce->get_iterator = pdo_stmt_iter_get;
pdo_dbstmt_ce->create_object = pdo_dbstmt_new;
pdo_dbstmt_ce->serialize = zend_class_serialize_deny;
pdo_dbstmt_ce->unserialize = zend_class_unserialize_deny;
zend_class_implements(pdo_dbstmt_ce, 1, zend_ce_traversable);
zend_declare_property_null(pdo_dbstmt_ce, "queryString", sizeof("queryString")-1, ZEND_ACC_PUBLIC);