Added type checks

diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c
index fd9e367872cc35cb9d18d2e316327625380a5f85..31f1f7c800494b8387ae42876a589f2ec8bc4005 100644 (file)
--- a/ext/soap/php_encoding.c
+++ b/ext/soap/php_encoding.c
@@ -404,12 +404,15 @@ static xmlNodePtr master_to_xml_int(encodePtr encode, zval *data, int style, xml
                encodePtr enc = NULL;
                HashTable *ht = Z_OBJPROP_P(data);
 
-               if (zend_hash_find(ht, "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE) {
+               if (zend_hash_find(ht, "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE ||
+                   Z_TYPE_PP(ztype) != IS_LONG) {
                        soap_error0(E_ERROR, "Encoding: SoapVar has no 'enc_type' property");
                }
 
-               if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS) {
-                       if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS) {
+               if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS &&
+                   Z_TYPE_PP(zstype) == IS_STRING) {
+                       if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS &&
+                           Z_TYPE_PP(zns) == IS_STRING) {
                                enc = get_encoder(SOAP_GLOBAL(sdl), Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype));
                        } else {
                                zns = NULL;
@@ -445,8 +448,10 @@ static xmlNodePtr master_to_xml_int(encodePtr encode, zval *data, int style, xml
                }
 
                if (style == SOAP_ENCODED || (SOAP_GLOBAL(sdl) && encode != enc)) {
-                       if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS) {
-                               if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS) {
+                       if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS &&
+                           Z_TYPE_PP(zstype) == IS_STRING) {
+                               if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS &&
+                                   Z_TYPE_PP(zns) == IS_STRING) {
                                        set_ns_and_type_ex(node, Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype));
                                } else {
                                        set_ns_and_type_ex(node, NULL, Z_STRVAL_PP(zstype));
@@ -454,10 +459,12 @@ static xmlNodePtr master_to_xml_int(encodePtr encode, zval *data, int style, xml
                        }
                }
 
-               if (zend_hash_find(ht, "enc_name", sizeof("enc_name"), (void **)&zname) == SUCCESS) {
+               if (zend_hash_find(ht, "enc_name", sizeof("enc_name"), (void **)&zname) == SUCCESS &&
+                   Z_TYPE_PP(zname) == IS_STRING) {
                        xmlNodeSetName(node, BAD_CAST(Z_STRVAL_PP(zname)));
                }
-               if (zend_hash_find(ht, "enc_namens", sizeof("enc_namens"), (void **)&znamens) == SUCCESS) {
+               if (zend_hash_find(ht, "enc_namens", sizeof("enc_namens"), (void **)&znamens) == SUCCESS &&
+                   Z_TYPE_PP(zname) == IS_STRING) {
                        xmlNsPtr nsp = encode_add_ns(node, Z_STRVAL_PP(znamens));
                        xmlSetNs(node, nsp);
                }

diff --git a/ext/soap/soap.c b/ext/soap/soap.c
index 9ec6347223d3418d875b377b15b3714e29528a04..d460c1718f31e9c7361b6157a98b99e9805bab64 100644 (file)
--- a/ext/soap/soap.c
+++ b/ext/soap/soap.c
@@ -3979,7 +3979,8 @@ static xmlDocPtr serialize_response_call(sdlFunctionPtr function, char *function
                }
 
                if (version == SOAP_1_1) {
-                       if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS) {
+                       if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS &&
+                           Z_TYPE_PP(tmp) == IS_STRING) {
                                size_t new_len;
                                xmlNodePtr node = xmlNewNode(NULL, BAD_CAST("faultcode"));
                                char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC);
@@ -4004,7 +4005,8 @@ static xmlDocPtr serialize_response_call(sdlFunctionPtr function, char *function
                        }
                        detail_name = "detail";
                } else {
-                       if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS) {
+                       if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS &&
+                           Z_TYPE_PP(tmp) == IS_STRING) {
                                size_t new_len;
                                xmlNodePtr node = xmlNewChild(param, ns, BAD_CAST("Code"), NULL);
                                char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC);