From: Dmitry Stogov <dmitry@php.net>
Date: Thu, 21 Feb 2008 13:55:22 +0000 (+0000)
Subject: Fixed bug #44141 (private parent constructor callable through static function)
X-Git-Tag: php-5.2.6RC1~28
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=28306e34398a7e9e26b8fe777d477e08077a0406;p=php

Fixed bug #44141 (private parent constructor callable through static function)
---

diff --git a/NEWS b/NEWS
index 3f40181fdb..b18feed911 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,8 @@ PHP                                                                        NEWS
 - Fixed bug #44159 (Crash: $pdo->setAttribute(PDO::STATEMENT_ATTR_CLASS, NULL)).
   (Felipe)
 - Fixed bug #44152 (Possible crash with syslog logging on ZTS builds). (Ilia)
+- Fixed bug #44141 (private parent constructor callable through static
+  function). (Dmitry)
 - Fixed bug #44069 (Huge memory usage with concatenation using . instead of
   .=). (Dmitry)
 - Fixed bug #44046 (crash inside array_slice() function with an invalid
diff --git a/Zend/tests/bug44141.phpt b/Zend/tests/bug44141.phpt
new file mode 100644
index 0000000000..1a9ee892b6
--- /dev/null
+++ b/Zend/tests/bug44141.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Bug #44141 (private parent constructor callable through static function)
+--FILE--
+<?php
+class X
+{
+        public $x;
+        private function __construct($x)
+        {
+                $this->x = $x;
+        }
+}
+
+class Y extends X
+{
+        static public function cheat($x)
+        {
+                return new Y($x);
+        }
+}
+
+$y = Y::cheat(5);
+echo $y->x, PHP_EOL;
+--EXPECTF--
+Fatal error: Call to private X::__construct() from context 'Y' in %sbug44141.php on line 15
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
index f10a800b72..42b687eff7 100644
--- a/Zend/zend_object_handlers.c
+++ b/Zend/zend_object_handlers.c
@@ -944,7 +944,7 @@ ZEND_API union _zend_function *zend_std_get_constructor(zval *object TSRMLS_DC)
 		} else if (constructor->op_array.fn_flags & ZEND_ACC_PRIVATE) {
 			/* Ensure that if we're calling a private function, we're allowed to do so.
 			 */
-			if (Z_OBJ_HANDLER_P(object, get_class_entry)(object TSRMLS_CC) != EG(scope)) {
+			if (constructor->common.scope != EG(scope)) {
 				if (EG(scope)) {
 					zend_error(E_ERROR, "Call to private %s::%s() from context '%s'", constructor->common.scope->name, constructor->common.function_name, EG(scope)->name);
 				} else {