- Fix for #34505 and related (improved version of what is in 5.2, 5.1)
authorMarcus Boerger <helly@php.net>
Mon, 24 Jul 2006 17:51:41 +0000 (17:51 +0000)
committerMarcus Boerger <helly@php.net>
Mon, 24 Jul 2006 17:51:41 +0000 (17:51 +0000)
Zend/zend.c
Zend/zend_builtin_functions.c
Zend/zend_compile.c
Zend/zend_compile.h
Zend/zend_object_handlers.c
Zend/zend_object_handlers.h
Zend/zend_vm_def.h
Zend/zend_vm_execute.h

index e6ca0abd024bd7aa53f9468e071ea442382093d0..08c84c7329037ac2cf999ef3d33a276133887487 100644 (file)
@@ -239,7 +239,7 @@ str_type:
                                if (is_object) {
                                        zstr prop_name, class_name;
 
-                                       zend_u_unmangle_property_name(ztype, string_key, &class_name, &prop_name);
+                                       zend_u_unmangle_property_name(ztype, string_key, str_len - 1, &class_name, &prop_name);
 
                                        if (class_name.v) {
                                                if (class_name.s[0]=='*') {
index 586eb6b72b42e17da4441b352f56a17944475bfd..e79b906e740a05c4d5fbd34425a255030a1faef0 100644 (file)
@@ -768,7 +768,7 @@ static void add_class_vars(zend_class_entry *ce, HashTable *properties, zval *re
 
                        key_type = zend_hash_get_current_key_ex(properties, &key, &key_len, &num_index, 0, &pos);
                        zend_hash_move_forward_ex(properties, &pos);
-                       zend_u_unmangle_property_name(key_type, key, &class_name, &prop_name);
+                       zend_u_unmangle_property_name(key_type, key, key_len-1, &class_name, &prop_name);
                        if (class_name.v) {
                                /* UTODO: Fix this to support Unicode */
                                if (class_name.s[0] != '*' && strcmp(class_name.s, ce->name.s)) {
@@ -862,7 +862,7 @@ ZEND_FUNCTION(get_object_vars)
 
        while (zend_hash_get_current_data_ex(properties, (void **) &value, &pos) == SUCCESS) {
                if (zend_hash_get_current_key_ex(properties, &key, &key_len, &num_index, 0, &pos) == (UG(unicode)?HASH_KEY_IS_UNICODE:HASH_KEY_IS_STRING)) {
-                       zend_u_unmangle_property_name(UG(unicode)?IS_UNICODE:IS_STRING, key, &class_name, &prop_name);
+                       zend_u_unmangle_property_name(UG(unicode)?IS_UNICODE:IS_STRING, key, key_len-1, &class_name, &prop_name);
                        if (class_name.v == NULL) {
                                /* Not separating references */
                                (*value)->refcount++;
@@ -1027,7 +1027,7 @@ ZEND_FUNCTION(property_exists)
                if (property_info->flags & ZEND_ACC_PUBLIC) {
                        RETURN_TRUE;
                }
-               zend_u_unmangle_property_name(Z_TYPE_PP(property), property_info->name, &class_name, &prop_name);
+               zend_u_unmangle_property_name(Z_TYPE_PP(property), property_info->name, property_info->name_length, &class_name, &prop_name);
                /* UTODO: Fix this??? */
                if (class_name.s[0] ==  '*') {
                        if (instanceof_function(EG(scope), ce TSRMLS_CC)) {
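Review bot: The result of `zend_u_unmangle_property_name()` is discarded in this hunk, and the next statement reads `class_name.s[0]` with no NULL test. The reworked function in the zend_compile.c hunk sets `class_name` to NULL on both of its new FAILURE paths, so a short or corrupt name would be dereferenced as NULL here. Checking the call, e.g. `if (zend_u_unmangle_property_name(Z_TYPE_PP(property), property_info->name, property_info->name_length, &class_name, &prop_name) == FAILURE) { RETURN_FALSE; }`, closes that path; whether `RETURN_FALSE` is the right result depends on the rest of property_exists, which lies outside the hunk. The call in the zend_check_property_access hunk also ignores the new return value and goes on to build `member` from `prop_name`, whereas the other call sites in this commit test `class_name.v` or use only `prop_name`.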
index 1f055337ca733d8d7a0bf8c52a0595ed1e790ad4..a70a69a0c7b63b57a9b93f946ed0e17b665df881 100644 (file)
@@ -2252,7 +2252,7 @@ static zend_bool do_inherit_property_access_check(HashTable *target_ht, zend_pro
                                                if (Z_TYPE_PP(new_prop) != IS_NULL && Z_TYPE_PP(prop) != IS_NULL) {
                                                        zstr prop_name, tmp;
 
-                                                       zend_u_unmangle_property_name(utype, child_info->name, &tmp, &prop_name);
+                                                       zend_u_unmangle_property_name(utype, child_info->name, child_info->name_length, &tmp, &prop_name);
                                                        zend_error(E_COMPILE_ERROR, "Cannot change initial value of property static protected %v::$%v in class %v",
                                                                parent_ce->name, prop_name, ce->name);
                                                }
@@ -3077,36 +3077,79 @@ ZEND_API void zend_u_mangle_property_name(zstr *dest, int *dest_length, zend_uch
        }
 }
 
-ZEND_API void zend_unmangle_property_name(char *mangled_property, char **class_name, char **prop_name)
+static int zend_strnlen(const char* s, int maxlen)
 {
-       *prop_name = *class_name = NULL;
+       int len = 0;
+       while (*s++ && maxlen--) len++;
+       return len;
+}
+
+static int zend_u_strnlen(const UChar* s, int maxlen)
+{
+       int len = 0;
+       while (*s++ && maxlen--) len++;
+       return len;
+}
+
+ZEND_API int zend_unmangle_property_name(char *mangled_property, int len, char **class_name, char **prop_name)
+{
+       int class_name_len;
+
+       *class_name = NULL;
 
        if (mangled_property[0]!=0) {
                *prop_name = mangled_property;
-               return;
+               return SUCCESS;
+       }
+       if (len < 3) {
+               zend_error(E_NOTICE, "Illegal member variable name");
+               *prop_name = mangled_property;
+               return FAILURE;
        }
 
+       class_name_len = zend_strnlen(mangled_property+1, --len - 1) + 1;
+       if (class_name_len >= len || mangled_property[class_name_len]!=0) {
+               zend_error(E_NOTICE, "Corrupt member variable name");
+               *prop_name = mangled_property;
+               return FAILURE;
+       }
        *class_name = mangled_property+1;
-       *prop_name = (*class_name)+strlen(*class_name)+1;
+       *prop_name = (*class_name)+class_name_len;
+       return SUCCESS;
 }
 
-ZEND_API void zend_u_unmangle_property_name(zend_uchar type, zstr mangled_property, zstr *class_name, zstr *prop_name)
+ZEND_API int zend_u_unmangle_property_name(zend_uchar type, zstr mangled_property, int len, zstr *class_name, zstr *prop_name)
 {
        if (type == IS_UNICODE) {
-               prop_name->v = class_name->v = NULL;
+               int class_name_len;
+
+               class_name->v = NULL;
 
                if ((mangled_property.u)[0]!=0) {
                        *prop_name = mangled_property;
-                       return;
+                       return SUCCESS;
+               }
+               if (len < 3) {
+                       zend_error(E_NOTICE, "Illegal member variable name");
+                       *prop_name = mangled_property;
+                       return FAILURE;
+               }
+
+               class_name_len = zend_u_strnlen(mangled_property.u+1, --len - 1) + 1;
+               if (class_name_len >= len || mangled_property.u[class_name_len]!=0) {
+                       zend_error(E_NOTICE, "Corrupt member variable name");
+                       *prop_name = mangled_property;
+                       return FAILURE;
                }
 
                class_name->u = mangled_property.u + 1;
-               prop_name->u = class_name->u + u_strlen(class_name->u)+1;
+               prop_name->u = class_name->u + class_name_len+1;
                if (class_name->u[0] == '*') {
                        class_name->s = "*";
                }
+               return SUCCESS;
        } else {
-               zend_unmangle_property_name(mangled_property.s, &class_name->s, &prop_name->s);
+               return zend_unmangle_property_name(mangled_property.s, len, &class_name->s, &prop_name->s);
        }
 }
 
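Review bot: In the IS_UNICODE branch of `zend_u_unmangle_property_name`, `prop_name->u = class_name->u + class_name_len+1;` lands one code unit past the start of the property name. `class_name_len` already includes the `+ 1` for the class name's terminator, which is why the char version uses `(*class_name)+class_name_len` and the removed line added only `u_strlen(class_name->u)+1`; the line should read `prop_name->u = class_name->u + class_name_len;`. Separately, `zend_strnlen` and `zend_u_strnlen` evaluate `*s++` before `maxlen--`, so they read the element at index `maxlen` before the bound applies and never stop on a negative `maxlen`; `while (maxlen-- > 0 && *s++) len++;` checks the bound first. With the lengths passed in this commit that extra read still falls on the last character of the name, so it is a robustness point rather than an overrun.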
index 606ef1410781d9f8c52419a2bb36e1c96298e8ea..71f156006486293867371ae53cd149ecb3ee76c1 100644 (file)
@@ -548,10 +548,10 @@ ZEND_API void destroy_zend_class(zend_class_entry **pce);
 void zend_class_add_ref(zend_class_entry **ce);
 
 ZEND_API void zend_mangle_property_name(char **dest, int *dest_length, char *src1, int src1_length, char *src2, int src2_length, int internal);
-ZEND_API void zend_unmangle_property_name(char *mangled_property, char **prop_name, char **class_name);
+ZEND_API int zend_unmangle_property_name(char *mangled_property, int len, char **prop_name, char **class_name);
 
 ZEND_API void zend_u_mangle_property_name(zstr *dest, int *dest_length, zend_uchar type, zstr src1, int src1_length, zstr src2, int src2_length, int internal);
-ZEND_API void zend_u_unmangle_property_name(zend_uchar type, zstr mangled_property, zstr *prop_name, zstr *class_name);
+ZEND_API int zend_u_unmangle_property_name(zend_uchar type, zstr mangled_property, int len, zstr *prop_name, zstr *class_name);
 
 
 #define ZEND_FUNCTION_DTOR (void (*)(void *)) zend_function_dtor
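Review bot: Both updated prototypes still name the output parameters `prop_name, class_name`, the reverse of the definitions in the zend_compile.c hunk (`class_name` first, then `prop_name`) and of every call site in this commit. Since the signatures change anyway, declare them as `ZEND_API int zend_unmangle_property_name(char *mangled_property, int len, char **class_name, char **prop_name);` and likewise for the `zend_u_` variant, so a reader of the header does not pass the pointers swapped. A short comment stating that the return value is SUCCESS or FAILURE and that `len` excludes the terminating NUL (as the `key_len-1` and `name_length` arguments at the call sites suggest) would document the new contract.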
index a92f6af0f90c58d5ba0121fa62b2471570455e89..fbbcc61e71e381df0685d5fdc786443d0fbe1737 100644 (file)
@@ -246,13 +246,13 @@ ZEND_API struct _zend_property_info *zend_get_property_info(zend_class_entry *ce
 }
 
 
-ZEND_API int zend_check_property_access(zend_object *zobj, zend_uchar utype, zstr prop_info_name TSRMLS_DC)
+ZEND_API int zend_check_property_access(zend_object *zobj, zend_uchar utype, zstr prop_info_name, int prop_info_name_len TSRMLS_DC)
 {
        zend_property_info *property_info;
        zstr class_name, prop_name;
        zval member;
 
-       zend_u_unmangle_property_name(utype, prop_info_name, &class_name, &prop_name);
+       zend_u_unmangle_property_name(utype, prop_info_name, prop_info_name_len, &class_name, &prop_name);
        if (utype == IS_UNICODE) {
                ZVAL_UNICODE(&member, prop_name.u, 0);
        } else {
index 2cdf4fffc5ab53d147421e08d2565b5ef0b105fb..edea755dde0f5490dff23d6520fa06b068e3ba11 100644 (file)
@@ -153,7 +153,7 @@ ZEND_API int zend_check_private(union _zend_function *fbc, zend_class_entry *ce,
 
 ZEND_API int zend_check_protected(zend_class_entry *ce, zend_class_entry *scope);
 
-ZEND_API int zend_check_property_access(zend_object *zobj, zend_uchar utype, zstr prop_info_name TSRMLS_DC);
+ZEND_API int zend_check_property_access(zend_object *zobj, zend_uchar utype, zstr prop_info_name, int prop_info_name_len TSRMLS_DC);
 
 ZEND_API void zend_std_call_user_call(INTERNAL_FUNCTION_PARAMETERS);
 END_EXTERN_C()
index 192527d2815c402af245d137813f9ad56e57aa2e..2b10e96e15f19343ca639d6e5e1d6f5f4641f30d 100644 (file)
@@ -3242,7 +3242,7 @@ ZEND_VM_HANDLER(77, ZEND_FE_RESET, CONST|TMP|VAR|CV, ANY)
 
                                key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
                                if (key_type != HASH_KEY_NON_EXISTANT &&
-                                   zend_check_property_access(zobj, key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key TSRMLS_CC) == SUCCESS) {
+                                   zend_check_property_access(zobj, key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key, str_key_len-1 TSRMLS_CC) == SUCCESS) {
                                        break;
                                }
                                zend_hash_move_forward(fe_ht);
@@ -3301,9 +3301,9 @@ ZEND_VM_HANDLER(78, ZEND_FE_FETCH, VAR, ANY)
                                key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
 
                                zend_hash_move_forward(fe_ht);
-                       } while (key_type == HASH_KEY_NON_EXISTANT || zend_check_property_access(zobj, key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key TSRMLS_CC) != SUCCESS);
+                       } while (key_type == HASH_KEY_NON_EXISTANT || zend_check_property_access(zobj, key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key, str_key_len-1 TSRMLS_CC) != SUCCESS);
                        if (use_key) {
-                               zend_u_unmangle_property_name(key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key, &class_name, &prop_name);
+                               zend_u_unmangle_property_name(key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key, str_key_len-1, &class_name, &prop_name);
                                if (key_type == HASH_KEY_IS_UNICODE) {
                                        str_key_len = u_strlen(prop_name.u);
                                        str_key.u = eustrndup(prop_name.u, str_key_len);
index 41bc64f9d8b526c252846b1cf6d09981f4973548..cab7fe759a192c2c92566af453e1c574847f638f 100644 (file)
@@ -2174,7 +2174,7 @@ static int ZEND_FE_RESET_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 
                                key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
                                if (key_type != HASH_KEY_NON_EXISTANT &&
-                                   zend_check_property_access(zobj, key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key TSRMLS_CC) == SUCCESS) {
+                                   zend_check_property_access(zobj, key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key, str_key_len-1 TSRMLS_CC) == SUCCESS) {
                                        break;
                                }
                                zend_hash_move_forward(fe_ht);
@@ -4752,7 +4752,7 @@ static int ZEND_FE_RESET_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 
                                key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
                                if (key_type != HASH_KEY_NON_EXISTANT &&
-                                   zend_check_property_access(zobj, key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key TSRMLS_CC) == SUCCESS) {
+                                   zend_check_property_access(zobj, key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key, str_key_len-1 TSRMLS_CC) == SUCCESS) {
                                        break;
                                }
                                zend_hash_move_forward(fe_ht);
@@ -7927,7 +7927,7 @@ static int ZEND_FE_RESET_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 
                                key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
                                if (key_type != HASH_KEY_NON_EXISTANT &&
-                                   zend_check_property_access(zobj, key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key TSRMLS_CC) == SUCCESS) {
+                                   zend_check_property_access(zobj, key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key, str_key_len-1 TSRMLS_CC) == SUCCESS) {
                                        break;
                                }
                                zend_hash_move_forward(fe_ht);
@@ -7986,9 +7986,9 @@ static int ZEND_FE_FETCH_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
                                key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
 
                                zend_hash_move_forward(fe_ht);
-                       } while (key_type == HASH_KEY_NON_EXISTANT || zend_check_property_access(zobj, key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key TSRMLS_CC) != SUCCESS);
+                       } while (key_type == HASH_KEY_NON_EXISTANT || zend_check_property_access(zobj, key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key, str_key_len-1 TSRMLS_CC) != SUCCESS);
                        if (use_key) {
-                               zend_u_unmangle_property_name(key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key, &class_name, &prop_name);
+                               zend_u_unmangle_property_name(key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key, str_key_len-1, &class_name, &prop_name);
                                if (key_type == HASH_KEY_IS_UNICODE) {
                                        str_key_len = u_strlen(prop_name.u);
                                        str_key.u = eustrndup(prop_name.u, str_key_len);
@@ -20902,7 +20902,7 @@ static int ZEND_FE_RESET_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS)
 
                                key_type = zend_hash_get_current_key_ex(fe_ht, &str_key, &str_key_len, &int_key, 0, NULL);
                                if (key_type != HASH_KEY_NON_EXISTANT &&
-                                   zend_check_property_access(zobj, key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key TSRMLS_CC) == SUCCESS) {
+                                   zend_check_property_access(zobj, key_type == HASH_KEY_IS_UNICODE?IS_UNICODE:IS_STRING, str_key, str_key_len-1 TSRMLS_CC) == SUCCESS) {
                                        break;
                                }
                                zend_hash_move_forward(fe_ht);