From 40c360194745ad09f066e6a1798d8c18dcdb58f4 Mon Sep 17 00:00:00 2001 From: Felipe Pena Date: Tue, 25 Jun 2013 18:04:25 -0300 Subject: [PATCH 1/2] - BFN --- NEWS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/NEWS b/NEWS index 7d6f6bd70f6..d5e7ba298d3 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,8 @@ PHP NEWS (David Soria Parra, Laruence) . Fixed bug #65088 (Generated configure script is malformed on OpenBSD). (Adam) + . Fixed bug #62964 (Possible XSS on "Registered stream filters" info). + (david at nnucomputerwhiz dot com) . Fixed bug #60732 (php_error_docref links to invalid pages). (Jakub Vrana) - CLI server: From 04db57066deb73ef9c960a2c5bebad49195bc1bb Mon Sep 17 00:00:00 2001 From: Felipe Pena Date: Tue, 25 Jun 2013 21:18:09 -0300 Subject: [PATCH 2/2] - Fixed bug #62672 (Error on serialize of ArrayObject) patch by: lior dot k at zend dot com --- ext/spl/spl_array.c | 2 +- ext/spl/tests/bug62672.phpt | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 ext/spl/tests/bug62672.phpt diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c index 2c2c87d0279..40fbb4c8f67 100644 --- a/ext/spl/spl_array.c +++ b/ext/spl/spl_array.c @@ -1778,7 +1778,7 @@ SPL_METHOD(Array, unserialize) ++p; if (*p!='m') { - if (*p!='a' && *p!='O' && *p!='C') { + if (*p!='a' && *p!='O' && *p!='C' && *p!='r') { goto outexcept; } intern->ar_flags &= ~SPL_ARRAY_CLONE_MASK; diff --git a/ext/spl/tests/bug62672.phpt b/ext/spl/tests/bug62672.phpt new file mode 100644 index 00000000000..d0d6a62451a --- /dev/null +++ b/ext/spl/tests/bug62672.phpt @@ -0,0 +1,31 @@ +--TEST-- +Bug #62672 (Error on serialize of ArrayObject) +--FILE-- +_varA = $source; + } +} + +class ObjB extends ObjA +{ + private $_varB; + + public function __construct(ArrayObject $keys) + { + $this->_varB = $keys; + parent::__construct($keys->getIterator()); + } +} + +$obj = new ObjB(new ArrayObject()); + +var_dump($obj == unserialize(serialize($obj))); +--EXPECTF-- +bool(true)
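Review bot: Accepting `'r'` in the tag check of SPL_METHOD(Array, unserialize) means the leading byte no longer bounds the type of the storage value: `a`, `O` and `C` each decode to an array or an object, whereas an `r` back-reference resolves to whatever earlier value in the stream it points at. The hunk shows no check after decoding, so if none exists further down, I would add one that rejects anything that is not `IS_ARRAY` or `IS_OBJECT` via the same `goto outexcept;`, because this path parses attacker-influenced bytes whenever unserialize() is given untrusted input. A short comment on the condition would also help the next reader, e.g. `/* 'r': storage is a back-reference to an object serialized earlier (bug #62672) */`. The function body starts and ends outside the hunk, so the decode call itself is not visible here.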
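Review bot: The new bug62672.phpt pins only the accepting path, an ArrayObject plus an iterator obtained from it held in two private properties; nothing asserts that serialized input whose storage slot is neither an array nor an object is still rejected with an exception. A companion case expecting that failure would keep the relaxed tag check in spl_array.c from silently widening later. Minor: `--EXPECTF--` is used although the expected output contains no format placeholders, so `--EXPECT--` is sufficient, and `$obj == unserialize(...)` checks loose equality only.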