Fix bug #78563
authorMark <mrandall@digitellinc.com>
Fri, 4 Oct 2019 19:38:49 +0000 (20:38 +0100)
committerNikita Popov <nikita.ppv@gmail.com>
Mon, 7 Oct 2019 08:24:41 +0000 (10:24 +0200)
Make XmlParser final, unclonable and unserializable.

Closes GH-4778.

ext/xml/tests/bug78563.phpt [new file with mode: 0644]
ext/xml/tests/bug78563_final.phpt [new file with mode: 0644]
ext/xml/tests/bug78563_serialize.phpt [new file with mode: 0644]
ext/xml/xml.c

diff --git a/ext/xml/tests/bug78563.phpt b/ext/xml/tests/bug78563.phpt
new file mode 100644 (file)
index 0000000..3203bbd
--- /dev/null
@@ -0,0 +1,17 @@
+--TEST--
+Bug #78563: parsers should not be clonable
+--SKIPIF--
+<?php include("skipif.inc"); ?>
+--FILE--
+<?php
+
+$parser = xml_parser_create();
+clone $parser;
+
+?>
+===DONE===
+--EXPECTF--
+Fatal error: Uncaught Error: Trying to clone an uncloneable object of class XmlParser in %s:%d
+Stack trace:
+#0 {main}
+  thrown in %s on line %d
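Review bot: The `===DONE===` marker after `?>` can never be printed in this test, because the uncaught Error raised by `clone $parser;` ends the script first, and the expected output accordingly omits it. Dropping that line would make it clear that the fatal error is the entire expected output. The same unreachable marker appears in bug78563_final.phpt and bug78563_serialize.phpt.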
diff --git a/ext/xml/tests/bug78563_final.phpt b/ext/xml/tests/bug78563_final.phpt
new file mode 100644 (file)
index 0000000..23fac0d
--- /dev/null
@@ -0,0 +1,15 @@
+--TEST--
+Bug #78563: parsers should not be extendable
+--SKIPIF--
+<?php include("skipif.inc"); ?>
+--FILE--
+<?php
+
+class Dummy extends Xmlparser {
+
+}
+
+?>
+===DONE===
+--EXPECTF--
+Fatal error: Class Dummy may not inherit from final class (XmlParser) in %s on line %d
diff --git a/ext/xml/tests/bug78563_serialize.phpt b/ext/xml/tests/bug78563_serialize.phpt
new file mode 100644 (file)
index 0000000..d480446
--- /dev/null
@@ -0,0 +1,18 @@
+--TEST--
+Bug #78563: parsers should not be serializable
+--SKIPIF--
+<?php include("skipif.inc"); ?>
+--FILE--
+<?php
+
+$parser = xml_parser_create();
+serialize($parser);
+
+?>
+===DONE===
+--EXPECTF--
+Fatal error: Uncaught Exception: Serialization of 'XmlParser' is not allowed in %s:%d
+Stack trace:
+#0 %s(%d): serialize(Object(XmlParser))
+#1 {main}
+  thrown in %s on line %d
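Review bot: Only the `serialize()` direction is exercised here, while the same commit also installs `zend_class_unserialize_deny` in xml.c, and no test touches that. The read side is the one that matters when serialized data can come from an untrusted source. A companion case that passes a serialized string naming `XmlParser` to `unserialize()` and expects it to be refused would pin that behaviour against regressions.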
index f0ffcac961e3b6e46f298fd17a01e9448a6abb01..a033accfdb5faba76c97e9c22719e43484bc40ac 100644 (file)
@@ -26,6 +26,7 @@
 #include "ext/standard/php_string.h"
 #include "ext/standard/info.h"
 #include "ext/standard/html.h"
+#include "zend_interfaces.h"
 
 #if HAVE_XML
 
@@ -308,15 +309,18 @@ PHP_MINIT_FUNCTION(xml)
 {
        zend_class_entry ce;
        INIT_CLASS_ENTRY(ce, "XmlParser", xml_parser_methods);
-       ce.create_object = xml_parser_create_object;
-       ce.ce_flags |= ZEND_ACC_FINAL;
        xml_parser_ce = zend_register_internal_class(&ce);
+       xml_parser_ce->create_object = xml_parser_create_object;
+       xml_parser_ce->ce_flags |= ZEND_ACC_FINAL;
+       xml_parser_ce->serialize = zend_class_serialize_deny;
+       xml_parser_ce->unserialize = zend_class_unserialize_deny;
 
        memcpy(&xml_parser_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
        xml_parser_object_handlers.offset = XtOffsetOf(xml_parser, std);
        xml_parser_object_handlers.free_obj = xml_parser_free_obj;
        xml_parser_object_handlers.get_gc = xml_parser_get_gc;
        xml_parser_object_handlers.get_constructor = xml_parser_get_constructor;
+       xml_parser_object_handlers.clone_obj = NULL;
 
        REGISTER_LONG_CONSTANT("XML_ERROR_NONE", XML_ERROR_NONE, CONST_CS|CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("XML_ERROR_NO_MEMORY", XML_ERROR_NO_MEMORY, CONST_CS|CONST_PERSISTENT);
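Review bot: Nothing in the hunk says why `create_object` and `ZEND_ACC_FINAL` moved from the temporary `ce` to the registered `xml_parser_ce`, so a later cleanup could move them back. Judging from the new bug78563_final.phpt test, the flag set before `zend_register_internal_class()` presumably did not take effect. A comment above the four assignments, such as `/* Set on the registered entry; values put on the temporary ce were not all honoured (bug #78563). */`, would record that. `clone_obj = NULL` deserves a short `/* parser state must not be duplicated */` as well. The body of PHP_MINIT_FUNCTION(xml) continues past the end of the hunk.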