}
/* }}} */
+/* {{{ proto int PDO::__wakeup()
+ Prevents use of a PDO instance that has been unserialized */
+static PHP_METHOD(PDO, __wakeup)
+{
+ zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC, "You cannot serialize or unserialize PDO instances");
+}
+/* }}} */
+
+/* {{{ proto int PDO::__sleep()
+ Prevents serialization of a PDO instance */
+static PHP_METHOD(PDO, __sleep)
+{
+ zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC, "You cannot serialize or unserialize PDO instances");
+}
+/* }}} */
+
function_entry pdo_dbh_functions[] = {
PHP_ME_MAPPING(__construct, dbh_constructor, NULL)
PHP_ME(PDO, errorInfo, NULL, ZEND_ACC_PUBLIC)
PHP_ME(PDO, getAttribute, NULL, ZEND_ACC_PUBLIC)
PHP_ME(PDO, quote, NULL, ZEND_ACC_PUBLIC)
+ PHP_ME(PDO, __wakeup, NULL, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL)
+ PHP_ME(PDO, __sleep, NULL, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL)
{NULL, NULL, NULL}
};
}
/* }}} */
+/* {{{ proto int PDOStatement::__wakeup()
+ Prevents use of a PDOStatement instance that has been unserialized */
+static PHP_METHOD(PDOStatement, __wakeup)
+{
+ zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC, "You cannot serialize or unserialize PDOStatement instances");
+}
+/* }}} */
+
+/* {{{ proto int PDOStatement::__sleep()
+ Prevents serialization of a PDOStatement instance */
+static PHP_METHOD(PDOStatement, __sleep)
+{
+ zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC, "You cannot serialize or unserialize PDOStatement instances");
+}
+/* }}} */
function_entry pdo_dbstmt_functions[] = {
PHP_ME(PDOStatement, execute, NULL, ZEND_ACC_PUBLIC)
PHP_ME(PDOStatement, nextRowset, NULL, ZEND_ACC_PUBLIC)
PHP_ME(PDOStatement, closeCursor, NULL, ZEND_ACC_PUBLIC)
PHP_ME(PDOStatement, debugDumpParams, NULL, ZEND_ACC_PUBLIC)
+ PHP_ME(PDOStatement, __wakeup, NULL, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL)
+ PHP_ME(PDOStatement, __sleep, NULL, ZEND_ACC_PUBLIC|ZEND_ACC_FINAL)
{NULL, NULL, NULL}
};
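Review bot: The final `__sleep`/`__wakeup` pair registered in `pdo_dbstmt_functions` (and the matching pair in `pdo_dbh_functions` earlier in the patch) guards only the magic-method path. A userland subclass that implements `Serializable` would presumably not go through either method, and could still produce a statement or handle object that no driver ever initialised. If the targeted engine version offers class-level serialize/unserialize handlers, denying at the class entry would cover that path too; otherwise the methods that dereference the driver need their own not-initialised check. `__wakeup` also runs only after unserialize() has allocated the object, so a comment such as `/* the object already exists here; throwing only stops callers from using it */` above each `__wakeup` would make that limit explicit. The function tables are only partly visible in these hunks, and the proto comments declare an `int` return although none of the four methods returns a value.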
--- /dev/null
+--TEST--
+PDO Common: PECL Bug #5217: serialize/unserialze safety
+--SKIPIF--
+<?php # vim:ft=php
+if (!extension_loaded('pdo')) die('skip');
+$dir = getenv('REDIR_TEST_DIR');
+if (false == $dir) die('skip no driver');
+require_once $dir . 'pdo_test.inc';
+PDOTest::skip();
+?>
+--FILE--
+<?php
+require getenv('REDIR_TEST_DIR') . 'pdo_test.inc';
+$db = PDOTest::factory();
+try {
+ $ser = serialize($db);
+ debug_zval_dump($ser);
+ $db = unserialize($ser);
+ $db->exec('CREATE TABLE test (id int NOT NULL PRIMARY KEY, val VARCHAR(10))');
+} catch (Exception $e) {
+ echo "Safely caught " . $e->getMessage() . "\n";
+}
+
+echo "PHP Didn't crash!\n";
+?>
+--EXPECT--
+Safely caught You cannot serialize or unserialize PDO instances
+PHP Didn't crash!
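Review bot: The `--FILE--` script never reaches `unserialize()`, because `serialize($db)` already throws from `__sleep`, so the `debug_zval_dump($ser)`, `unserialize($ser)` and `exec()` lines are dead. The new `__wakeup` guard is therefore not exercised, although it is the one that matters for serialized input the application did not produce itself. Add a second `try` block that feeds a hand-written payload, e.g. `unserialize('O:3:"PDO":0:{}');`, and expect the same "Safely caught" message. An equivalent pair of cases for `PDOStatement` is also missing, as this test only covers `PDO`. The title misspells "unserialize" as "unserialze".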