- Fixed bug #49074 (private class static fields can be modified by using reflection)

diff --git a/NEWS b/NEWS
index c0e57cc47642cda92dbc23f2078bbd3f15266269..877c8680482d7018aab5033f18cefb5f4b354597 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ PHP                                                                        NEWS
   defined as a file handle. (Ilia)
 - Fixed memory leak in stream_is_local(). (Felipe)
 
+- Fixed bug #49074 (private class static fields can be modified by using
+  reflection). (Jani)
 - Fixed bug #49052 (context option headers freed too early when using
   --with-curlwrappers). (Jani)
 - Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference).

diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c
index 6e1182723ba1ee531b75a8dc71253825b2d9c95b..20c10f4c5d4798853a2475eb51a0fd1a23bd5ab9 100644 (file)
--- a/ext/reflection/php_reflection.c
+++ b/ext/reflection/php_reflection.c
@@ -2725,12 +2725,17 @@ ZEND_METHOD(reflection_class, getStaticProperties)
 
                if (zend_hash_get_current_key_ex(CE_STATIC_MEMBERS(ce), &key, &key_len, &num_index, 0, &pos) != FAILURE && key) {
                        char *prop_name, *class_name;
+                       zval *prop_copy;
 
                        zend_unmangle_property_name(key, key_len-1, &class_name, &prop_name);
 
-                       zval_add_ref(value);
+                       /* copy: enforce read only access */
+                       ALLOC_ZVAL(prop_copy);
+                       *prop_copy = **value;
+                       zval_copy_ctor(prop_copy);
+                       INIT_PZVAL(prop_copy);
 
-                       zend_hash_update(Z_ARRVAL_P(return_value), prop_name, strlen(prop_name)+1, value, sizeof(zval *), NULL);
+                       add_assoc_zval(return_value, prop_name, prop_copy);
                }
                zend_hash_move_forward_ex(CE_STATIC_MEMBERS(ce), &pos);
        }