Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning).

# original patch by wmeler at wp-sa dot pl

diff --git a/NEWS b/NEWS
index f066da5c8bf8a4dc0f5184b84bba10f8500b104a..61953d8de5a3ddb870f7125843678b600ff8e267 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ PHP                                                                        NEWS
 - Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz 
   Stachowiak.  (Rasmus)
 
+- Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning).
+  (Ilia, wmeler at wp-sa dot pl)
 - Fixed bug #49757 (long2ip() can return wrong value in a multi-threaded
   applications). (Ilia, Florian Anderiasch)
 - Fixed bug #49738 (calling mcrypt() after mcrypt_generic_deinit() crashes).

diff --git a/ext/simplexml/simplexml.c b/ext/simplexml/simplexml.c
index b7be14f7131059d2fb8941450f8ac2424a163f06..20dff1e7acee3b3f7da57fda1f29c68b84b9ac0e 100644 (file)
--- a/ext/simplexml/simplexml.c
+++ b/ext/simplexml/simplexml.c
@@ -2412,6 +2412,8 @@ PHP_MINIT_FUNCTION(simplexml)
        sxe_class_entry = zend_register_internal_class(&sxe TSRMLS_CC);
        sxe_class_entry->get_iterator = php_sxe_get_iterator;
        sxe_class_entry->iterator_funcs.funcs = &php_sxe_iterator_funcs;
+       sxe_class_entry->serialize = zend_class_serialize_deny;
+       sxe_class_entry->unserialize = zend_class_unserialize_deny;
        zend_class_implements(sxe_class_entry TSRMLS_CC, 1, zend_ce_traversable);
        sxe_object_handlers.get_method = zend_get_std_object_handlers()->get_method;
        sxe_object_handlers.get_constructor = zend_get_std_object_handlers()->get_constructor;