PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 7.3.0RC2
+- Core:
+ . Fixed bug #76869 (Incorrect bypassing protected method accessibilty check).
+ (Dmitry)
13 Sep 2018, PHP 7.3.0RC1
--- /dev/null
+--TEST--
+Bug #76869 (Incorrect bypassing protected method accessibilty check)
+--FILE--
+<?php
+class A {
+ private function f() {
+ return "A";
+ }
+}
+class B extends A {
+ protected function f() {
+ return "B";
+ }
+}
+$b = new B();
+try {
+ var_dump($b->f());
+} catch (Throwable $e) {
+ echo "Exception: ", $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+Exception: Call to protected method B::f() from context ''
*/
scope = zend_get_executed_scope();
- if (fbc->op_array.fn_flags & ZEND_ACC_CHANGED) {
- zend_function *priv_fbc = zend_get_parent_private(scope, fbc->common.scope, lc_method_name);
- if (priv_fbc) {
- fbc = priv_fbc;
+ do {
+ if (fbc->op_array.fn_flags & ZEND_ACC_CHANGED) {
+ zend_function *priv_fbc = zend_get_parent_private(scope, fbc->common.scope, lc_method_name);
+ if (priv_fbc) {
+ fbc = priv_fbc;
+ break;
+ } else if (!(fbc->op_array.fn_flags & ZEND_ACC_PROTECTED)) {
+ break;
+ }
}
- } else {
+
/* Ensure that if we're calling a protected function, we're allowed to do so.
* If we're not and __call() handler exists, invoke it, otherwise error out.
*/
fbc = NULL;
}
}
- }
+ } while (0);
}
if (UNEXPECTED(!key)) {
projects / php / commitdiff