Fixed altering $this via argument named "this"

diff --git a/NEWS b/NEWS
index bc59054e1f41a482236f9958da46d36dc78e6203..03c1bb5d0d9f3f8004ad08ccb9142ab1570d4e0d 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,7 @@ PHP                                                                        NEWS
 ?? ??? 2007, PHP 5.2.3
 - Fixed ext/filter Email Validation Vulnerability (MOPB-24 by Stefan Esser)
   (Ilia)
+- Fixed altering $this via argument named "this". (Dmitry)
 
 03 May 2007, PHP 5.2.2
 - Improved bundled GD

diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index 3d4afa8f8124b4e63947e862cf06ba0b1883832d..c660d83cf4d16f8812772bcf259f4fe3bae39816 100644 (file)
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -1265,9 +1265,18 @@ void zend_do_end_function_declaration(znode *function_token TSRMLS_DC)
 
 void zend_do_receive_arg(zend_uchar op, znode *var, znode *offset, znode *initialization, znode *class_type, znode *varname, zend_uchar pass_by_reference TSRMLS_DC)
 {
-       zend_op *opline = get_next_op(CG(active_op_array) TSRMLS_CC);
+       zend_op *opline;
        zend_arg_info *cur_arg_info;
 
+       if (CG(active_op_array)->scope &&
+               ((CG(active_op_array)->fn_flags & ZEND_ACC_STATIC) == 0) &&
+               (Z_TYPE(varname->u.constant) == IS_STRING) &&
+               (Z_STRLEN(varname->u.constant) == sizeof("this")-1) &&
+               (memcmp(Z_STRVAL(varname->u.constant), "this", sizeof("this")) == 0)) {
+               zend_error(E_COMPILE_ERROR, "Cannot re-assign $this");
+       }
+
+       opline = get_next_op(CG(active_op_array) TSRMLS_CC);
        CG(active_op_array)->num_args++;
        opline->opcode = op;
        opline->result = *var;