- Fixed bug #55082 (var_export() doesn't escape properties properly).

diff --git a/NEWS b/NEWS
index de4c5f15e685a8cc3e0fbb5118ebd9073b03b5cc..414f66f8ec71e8be1a035edf37e7abe90cef98cf 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,8 @@ PHP                                                                        NEWS
 ?? ??? 2011, PHP 5.3.7
 - Core:
   . Fixed crash in error_log(). (Felipe) Reported by Mateusz Kocielski.
+  . Fixed bug #55082 (var_export() doesn't escape properties properly).
+    (Gustavo)
 
 - DateTime extension:
   . Fixed bug where the DateTime object got changed while using date_diff().

diff --git a/ext/standard/tests/general_functions/var_export_basic9.phpt b/ext/standard/tests/general_functions/var_export_basic9.phpt
new file mode 100644 (file)
index 0000000..3c9706e
--- /dev/null
+++ b/ext/standard/tests/general_functions/var_export_basic9.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #55082: var_export() doesn't escape properties properly
+--FILE--
+<?php
+       $x = new stdClass();
+       $x->{'\'\\'} = 7;
+       echo var_export($x);
+--EXPECT--
+stdClass::__set_state(array(
+   '\'\\' => 7,
+))

diff --git a/ext/standard/var.c b/ext/standard/var.c
index 409bca6132a7b42a1b9057b874dc00b2dbc851a4..46dfc29391c962d98040101464a3da961160fd4a 100644 (file)
--- a/ext/standard/var.c
+++ b/ext/standard/var.c
@@ -387,18 +387,26 @@ static int php_object_element_export(zval **zv TSRMLS_DC, int num_args, va_list
 {
        int level;
        smart_str *buf;
-       char *prop_name, *class_name;
 
        level = va_arg(args, int);
        buf = va_arg(args, smart_str *);
 
        buffer_append_spaces(buf, level + 2);
        if (hash_key->nKeyLength != 0) {
-               zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1, &class_name, &prop_name);
+               char *class_name, /* ignored, but must be passed to unmangle */
+                        *pname,
+                        *pname_esc;
+               int  pname_esc_len;
+               
+               zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1,
+                               &class_name, &pname);
+               pname_esc = php_addcslashes(pname, strlen(pname), &pname_esc_len, 0,
+                       "'\\", 2 TSRMLS_CC);
 
                smart_str_appendc(buf, '\'');
-               smart_str_appends(buf, prop_name);
+               smart_str_appendl(buf, pname_esc, pname_esc_len);
                smart_str_appendc(buf, '\'');
+               efree(pname_esc);
        } else {
                smart_str_append_long(buf, hash_key->h);
        }