Switch PDO to use serialize_deny

And remove dummy __sleep/__wakeup. This switches the thrown
exception type from PDOException to Exception.
Nikita Popov 2018-11-26 13:28:14 +01:00
parent a624c2bd13
commit 6e4b202694
4 changed files with 9 additions and 21 deletions


@ -31,6 +31,11 @@ PHP 7.4 UPGRADE NOTES
. The default parameter value of idn_to_ascii() and idn_to_utf8() is now
INTL_IDNA_VARIANT_UTS46 instead of the deprecated INTL_IDNA_VARIANT_2003.
- PDO:
. Attempting to serialize a PDO instance will now generate an Exception
rather than a PDOException, consistent with other internal classes which
do not support serialization.
- Reflection:
. Reflection objects will now generate an exception if an attempt is made
to serialize them. Serialization for reflection objects was never


@ -33,6 +33,7 @@
#include "zend_exceptions.h"
#include "zend_object_handlers.h"
#include "zend_hash.h"
#include "zend_interfaces.h"
static int pdo_dbh_attribute_set(pdo_dbh_t *dbh, zend_long attr, zval *value);
@ -1153,22 +1154,6 @@ static PHP_METHOD(PDO, quote)
}
/* }}} */
/* {{{ proto PDO::__wakeup()
Prevents use of a PDO instance that has been unserialized */
static PHP_METHOD(PDO, __wakeup)
{
zend_throw_exception_ex(php_pdo_get_exception(), 0, "You cannot serialize or unserialize PDO instances");
}
/* }}} */
/* {{{ proto int PDO::__sleep()
Prevents serialization of a PDO instance */
static PHP_METHOD(PDO, __sleep)
{
zend_throw_exception_ex(php_pdo_get_exception(), 0, "You cannot serialize or unserialize PDO instances");
}
/* }}} */
/* {{{ proto array PDO::getAvailableDrivers()
Return array of available PDO drivers */
static PHP_METHOD(PDO, getAvailableDrivers)
@ -1241,8 +1226,6 @@ const zend_function_entry pdo_dbh_functions[] = /* {{{ */ {
PHP_ME(PDO, errorInfo, arginfo_pdo__void, ZEND_ACC_PUBLIC)
PHP_ME(PDO, getAttribute, arginfo_pdo_getattribute, ZEND_ACC_PUBLIC)
PHP_ME(PDO, quote, arginfo_pdo_quote, ZEND_ACC_PUBLIC)
PHP_ME(PDO, __wakeup, arginfo_pdo__void, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL)
PHP_ME(PDO, __sleep, arginfo_pdo__void, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL)
PHP_ME(PDO, getAvailableDrivers, arginfo_pdo__void, ZEND_ACC_PUBLIC|ZEND_ACC_STATIC)
PHP_FE_END
};
@ -1384,6 +1367,8 @@ void pdo_dbh_init(void)
INIT_CLASS_ENTRY(ce, "PDO", pdo_dbh_functions);
pdo_dbh_ce = zend_register_internal_class(&ce);
pdo_dbh_ce->create_object = pdo_dbh_new;
pdo_dbh_ce->serialize = zend_class_serialize_deny;
pdo_dbh_ce->unserialize = zend_class_unserialize_deny;
memcpy(&pdo_dbh_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
pdo_dbh_object_handlers.offset = XtOffsetOf(pdo_dbh_object_t, std);
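Review bot: The assignments `pdo_dbh_ce->serialize = zend_class_serialize_deny;` and `pdo_dbh_ce->unserialize = zend_class_unserialize_deny;` in pdo_dbh_init (which continues outside the hunk) are now the only guard against unserialize() yielding a PDO object, and nothing at that spot says so. I would put a comment above them, for example `/* PDO wraps a live driver connection: never serialize it or rebuild it from serialized input */`, so the handlers are not dropped in a later cleanup. The removed methods were registered with `ZEND_ACC_FINAL`; the class-entry handlers presumably apply to subclasses too, but that is not visible here and deserves a test with a class extending PDO. The diffstat lists four files and no visible section touches PDOStatement, so if that class still throws PDOException from its own dummy methods, the two classes now disagree on the exception type.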


@ -25,5 +25,5 @@ try {
echo "PHP Didn't crash!\n";
?>
--EXPECT--
Safely caught You cannot serialize or unserialize PDO instances
Safely caught Serialization of 'PDO' is not allowed
PHP Didn't crash!
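Review bot: The expectation on the `Safely caught` line pins only the message text, while the behaviour this commit changes is the exception class (PDOException to Exception). If the catch block prints just the message, as the expected output suggests, the class change is untested; printing `get_class($e)` next to the message would pin it. The test body starts outside the hunk, so the catch clause itself is not visible here.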


@ -29,8 +29,6 @@ if (false == MySQLPDOTest::detect_transactional_mysql_engine($db))
'getAttribute' => true,
'quote' => true,
'inTransaction' => true,
'__wakeup' => true,
'__sleep' => true,
'getAvailableDrivers' => true,
);
$classname = get_class($db);