Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning).

# original patch by wmeler at wp-sa dot pl
2024-09-22 02:17:32 +00:00 · 2009-10-07 12:46:29 +00:00 · 2009-10-07 12:46:29 +00:00 · b6b56ba87a
commit b6b56ba87a
parent 264d6db5a6
2 changed files with 4 additions and 1 deletions
--- a/2
+++ b/2
@ -13,6 +13,8 @@ PHP                                                                        NEWS
 - Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz 
  Stachowiak.  (Rasmus)

+- Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning).
+  (Ilia, wmeler at wp-sa dot pl)
 - Fixed bug #49757 (long2ip() can return wrong value in a multi-threaded
  applications). (Ilia, Florian Anderiasch)
 - Fixed bug #49738 (calling mcrypt after mcrypt_generic_deinit crashes).
--- a/ext/simplexml/simplexml.c
+++ b/ext/simplexml/simplexml.c
@ -2531,7 +2531,8 @@ PHP_MINIT_FUNCTION(simplexml)
 	sxe_object_handlers.get_constructor = zend_get_std_object_handlers()->get_constructor;
 	sxe_object_handlers.get_class_entry = zend_get_std_object_handlers()->get_class_entry;
 	sxe_object_handlers.get_class_name = zend_get_std_object_handlers()->get_class_name;
-
+	sxe_class_entry->serialize = zend_class_serialize_deny;
+	sxe_class_entry->unserialize = zend_class_unserialize_deny;

 	php_libxml_register_export(sxe_class_entry, simplexml_export_node);