Revert "Remove class validation. zend_lookup_class_ex() performs it anyway."
authorDmitry Stogov <dmitry@zend.com>
Sat, 20 Feb 2021 15:51:03 +0000 (18:51 +0300)
committerDmitry Stogov <dmitry@zend.com>
Sat, 20 Feb 2021 15:51:03 +0000 (18:51 +0300)
This reverts commit 61cf1355fd53b6556f0502510ba3e1efbd04d242.

Class name validation is only performed if key is not passed. Here, lc_name is passed as key.

ext/standard/var_unserializer.re

index 6aa9526b866698ce2f8bed8cc006b8b3f15ddd73..fb1ab2f49667ccf5b2fc8010254a130cba8824ad 100644 (file)
@@ -1171,6 +1171,12 @@ object ":" uiv ":" ["]   {
                        break;
                }
 
+               if (!zend_is_valid_class_name(class_name)) {
+                       zend_string_release_ex(lc_name, 0);
+                       zend_string_release_ex(class_name, 0);
+                       return 0;
+               }
+
                /* Try to find class directly */
                BG(serialize_lock)++;
                ce = zend_lookup_class_ex(class_name, lc_name, 0);
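Review bot: The restored `zend_is_valid_class_name(class_name)` guard has no comment explaining why it is needed ahead of `zend_lookup_class_ex(class_name, lc_name, 0)`, and the reverted commit shows how easily it is mistaken for redundant. I would put the commit message's reasoning directly above the check, e.g. `/* zend_lookup_class_ex() validates the name only when no key is passed; lc_name is passed here, so validate explicitly. */`. The class name in this rule comes from the serialized input, so without the guard a malformed name would presumably be handed on to class lookup and autoloading unchecked. A regression test that unserializes an object with an invalid class name and expects failure would keep the check from being removed again. The enclosing rule body starts and ends outside the hunk, so I cannot confirm from here that no other path reaches the lookup unvalidated.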