From 6f908a0bf4b51cfe3327e3eb245af8831c5cac4d Mon Sep 17 00:00:00 2001
From: Gabriel Caruso
Date: Thu, 23 Apr 2020 20:17:55 +0200
Subject: [PATCH] Check Serialization magic methods structure

Closes GH-5441
---
 Zend/tests/magic_methods_serialize.phpt | 12 ++++++++++++
 Zend/tests/magic_methods_unserialize.phpt | 12 ++++++++++++
 Zend/zend_API.c | 12 ++++++++++++
 Zend/zend_compile.c | 4 ++++
 4 files changed, 40 insertions(+)
 create mode 100644 Zend/tests/magic_methods_serialize.phpt
 create mode 100644 Zend/tests/magic_methods_unserialize.phpt

diff --git a/Zend/tests/magic_methods_serialize.phpt b/Zend/tests/magic_methods_serialize.phpt
new file mode 100644
index 00000000000..978aff8b4f7
--- /dev/null
+++ b/Zend/tests/magic_methods_serialize.phpt
@@ -0,0 +1,12 @@
+--TEST--
+__serialize declaration
+--FILE--
+
+--EXPECTF--
+Warning: The magic method Foo::__serialize() must have public visibility and cannot be static in %s on line %d
+
+Fatal error: Method Foo::__serialize() cannot take arguments in %s on line %d
diff --git a/Zend/tests/magic_methods_unserialize.phpt b/Zend/tests/magic_methods_unserialize.phpt
new file mode 100644
index 00000000000..dc6aa171a7b
--- /dev/null
+++ b/Zend/tests/magic_methods_unserialize.phpt
@@ -0,0 +1,12 @@
+--TEST--
+__unserialize declaration
+--FILE--
+
+--EXPECTF--
+Warning: The magic method Foo::__unserialize() must have public visibility and cannot be static in %s on line %d
+
+Fatal error: Method Foo::__unserialize() must take exactly 1 argument in %s on line %d
diff --git a/Zend/zend_API.c b/Zend/zend_API.c
index 7ec8806d183..c144bf82fea 100644
--- a/Zend/zend_API.c
+++ b/Zend/zend_API.c
@@ -2023,6 +2023,18 @@ ZEND_API void zend_check_magic_method_implementation(const zend_class_entry *ce,
 } else if (name_len == sizeof(ZEND_DEBUGINFO_FUNC_NAME) - 1 &&
 !memcmp(lcname, ZEND_DEBUGINFO_FUNC_NAME, sizeof(ZEND_DEBUGINFO_FUNC_NAME)-1) && fptr->common.num_args != 0) {
 zend_error(error_type, "Method %s::__debugInfo() cannot take arguments", ZSTR_VAL(ce->name));
+ } else if (
+ name_len == sizeof("__serialize") - 1
+ && !memcmp(lcname, "__serialize", sizeof("__serialize") - 1)
+ && fptr->common.num_args != 0
+ ) {
+ zend_error(error_type, "Method %s::__serialize() cannot take arguments", ZSTR_VAL(ce->name));
+ } else if (
+ name_len == sizeof("__unserialize") - 1
+ && !memcmp(lcname, "__unserialize", sizeof("__unserialize") - 1)
+ && fptr->common.num_args != 1
+ ) {
+ zend_error(error_type, "Method %s::__unserialize() must take exactly 1 argument", ZSTR_VAL(ce->name));
 }
 }
 /* }}} */
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index d9566be14aa..472a402fe6b 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -6171,6 +6171,10 @@ void zend_begin_method_decl(zend_op_array *op_array, zend_string *name, zend_boo
 } else if (zend_string_equals_literal(lcname, ZEND_DEBUGINFO_FUNC_NAME)) {
 zend_check_magic_method_attr(fn_flags, ce, "__debugInfo", 0);
 ce->__debugInfo = (zend_function *) op_array;
+ } else if (zend_string_equals_literal(lcname, "__serialize")) {
+ zend_check_magic_method_attr(fn_flags, ce, "__serialize", 0);
+ } else if (zend_string_equals_literal(lcname, "__unserialize")) {
+ zend_check_magic_method_attr(fn_flags, ce, "__unserialize", 0);
 }
 
 zend_string_release_ex(lcname, 0);
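Review bot: In zend_API.c the two new branches write each method name as a bare literal twice in the condition and once more in the message, while the `__debugInfo` branch directly above takes its name from `ZEND_DEBUGINFO_FUNC_NAME`; if the `sizeof("__unserialize") - 1` length and the `memcmp` literal ever drift apart, the branch still compiles and silently never matches. I would define both names once beside the existing constant, e.g. `#define ZEND_UNSERIALIZE_FUNC_NAME "__unserialize"` (the name is only a suggestion), and use them here and in zend_compile.c. Separately, only `fptr->common.num_args` is compared, so the parameter's type, by-reference passing and the return type of a method that runs on unserialize() input are not constrained by this check; if that is intentional, a one-line comment saying so would help. The enclosing function starts outside the hunk.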
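Review bot: In zend_compile.c the new `zend_check_magic_method_attr(fn_flags, ce, "__unserialize", 0)` call appears to only warn: the expected output in magic_methods_unserialize.phpt lists `Warning: The magic method Foo::__unserialize() must have public visibility and cannot be static` and then the separate fatal arity error, so a class with a private or static handler would presumably still compile. Judging by that expected output (the tests' PHP source is not visible on this page), both new tests combine the visibility violation with an arity violation, so the warning-only path is never exercised on its own; a test declaring only the visibility or static violation would pin down what the engine does with such a handler afterwards. I would also add a comment above the two branches such as `/* visibility/static violations only warn; the argument count is checked in zend_check_magic_method_implementation() */`. zend_begin_method_decl starts and ends outside the hunk.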