mirror of
https://github.com/php/php-src.git
synced 2024-09-22 18:37:25 +00:00
Deny serialization of finfo objects
The resulting objects were already unusable, make it error out earlier.
This commit is contained in:
parent
70388cc0ed
commit
6d3695a217
@ -35,6 +35,7 @@
|
||||
#include "fileinfo_arginfo.h"
|
||||
#include "fopen_wrappers.h" /* needed for is_url */
|
||||
#include "Zend/zend_exceptions.h"
|
||||
#include "Zend/zend_interfaces.h"
|
||||
|
||||
/* {{{ macros and type definitions */
|
||||
typedef struct _php_fileinfo {
|
||||
@ -132,8 +133,10 @@ PHP_MINIT_FUNCTION(finfo)
|
||||
{
|
||||
zend_class_entry _finfo_class_entry;
|
||||
INIT_CLASS_ENTRY(_finfo_class_entry, "finfo", class_finfo_methods);
|
||||
_finfo_class_entry.create_object = finfo_objects_new;
|
||||
finfo_class_entry = zend_register_internal_class(&_finfo_class_entry);
|
||||
finfo_class_entry->create_object = finfo_objects_new;
|
||||
finfo_class_entry->serialize = zend_class_serialize_deny;
|
||||
finfo_class_entry->unserialize = zend_class_unserialize_deny;
|
||||
|
||||
/* copy the standard object handlers to you handler table */
|
||||
memcpy(&finfo_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
|
||||
|
@ -14,7 +14,7 @@ try {
|
||||
try {
|
||||
$finfo3 = unserialize(serialize($finfo));
|
||||
var_dump($finfo3->buffer("Test string"));
|
||||
} catch (Error $e) {
|
||||
} catch (Exception $e) {
|
||||
echo $e->getMessage(), "\n";
|
||||
}
|
||||
|
||||
@ -22,4 +22,4 @@ try {
|
||||
--EXPECTF--
|
||||
string(%d) "%s"
|
||||
Trying to clone an uncloneable object of class finfo
|
||||
Invalid finfo object
|
||||
Serialization of 'finfo' is not allowed
|
||||
|
Loading…
Reference in New Issue
Block a user