--- /dev/null
+--TEST--
+Bug #52940 (call_user_func_array still allows call-time pass-by-reference)
+--FILE--
+<?php
+function foo($a) {
+ $a++;
+ var_dump($a);
+}
+function bar(&$a) {
+ $a++;
+ var_dump($a);
+}
+$a = 1;
+call_user_func_array("foo", array(&$a));
+var_dump($a);
+call_user_func_array("bar", array(&$a));
+var_dump($a);
+?>
+--EXPECT--
+int(2)
+int(1)
+int(2)
+int(2)
for (i=0; i<fci->param_count; i++) {
zval *param;
- if (EX(function_state).function->type == ZEND_INTERNAL_FUNCTION
- && (EX(function_state).function->common.fn_flags & ZEND_ACC_CALL_VIA_HANDLER) == 0
- && !ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1)
- && PZVAL_IS_REF(*fci->params[i])) {
- SEPARATE_ZVAL(fci->params[i]);
- }
-
- if (ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1)
- && !PZVAL_IS_REF(*fci->params[i])) {
-
- if (Z_REFCOUNT_PP(fci->params[i]) > 1) {
+ if (ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1)) {
+ if (!PZVAL_IS_REF(*fci->params[i]) && Z_REFCOUNT_PP(fci->params[i]) > 1) {
zval *new_zval;
if (fci->no_separation) {
Z_ADDREF_PP(fci->params[i]);
Z_SET_ISREF_PP(fci->params[i]);
param = *fci->params[i];
+ } else if (PZVAL_IS_REF(*fci->params[i]) &&
+ /* don't separate references for __call */
+ (EX(function_state).function->common.fn_flags & ZEND_ACC_CALL_VIA_HANDLER) == 0 ) {
+ ALLOC_ZVAL(param);
+ *param = **(fci->params[i]);
+ INIT_PZVAL(param);
+ zval_copy_ctor(param);
} else if (*fci->params[i] != &EG(uninitialized_zval)) {
Z_ADDREF_PP(fci->params[i]);
param = *fci->params[i];
projects / php / commitdiff