From: Dmitry Stogov Date: Wed, 12 Sep 2018 09:16:50 +0000 (+0300) Subject: Fixed bug #76869 (Incorrect bypassing protected method accessibilty check). X-Git-Tag: php-7.3.0RC2~32 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=655a99d1312b3dfd72a1b9e59b7b9322203f615b;p=php Fixed bug #76869 (Incorrect bypassing protected method accessibilty check). --- diff --git a/NEWS b/NEWS index 555cadd217..c99e0fd17a 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? ????, PHP 7.3.0RC2 +- Core: + . Fixed bug #76869 (Incorrect bypassing protected method accessibilty check). + (Dmitry) 13 Sep 2018, PHP 7.3.0RC1 diff --git a/Zend/tests/bug76869.phpt b/Zend/tests/bug76869.phpt new file mode 100644 index 0000000000..ba963d4c4e --- /dev/null +++ b/Zend/tests/bug76869.phpt @@ -0,0 +1,23 @@ +--TEST-- +Bug #76869 (Incorrect bypassing protected method accessibilty check) +--FILE-- +f()); +} catch (Throwable $e) { + echo "Exception: ", $e->getMessage(), "\n"; +} +?> +--EXPECT-- +Exception: Call to protected method B::f() from context '' diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c index aa2f5be846..b10e5afb0a 100644 --- a/Zend/zend_object_handlers.c +++ b/Zend/zend_object_handlers.c @@ -1243,12 +1243,17 @@ ZEND_API zend_function *zend_std_get_method(zend_object **obj_ptr, zend_string * */ scope = zend_get_executed_scope(); - if (fbc->op_array.fn_flags & ZEND_ACC_CHANGED) { - zend_function *priv_fbc = zend_get_parent_private(scope, fbc->common.scope, lc_method_name); - if (priv_fbc) { - fbc = priv_fbc; + do { + if (fbc->op_array.fn_flags & ZEND_ACC_CHANGED) { + zend_function *priv_fbc = zend_get_parent_private(scope, fbc->common.scope, lc_method_name); + if (priv_fbc) { + fbc = priv_fbc; + break; + } else if (!(fbc->op_array.fn_flags & ZEND_ACC_PROTECTED)) { + break; + } } - } else { + /* Ensure that if we're calling a protected function, we're allowed to do so. * If we're not and __call() handler exists, invoke it, otherwise error out. */ @@ -1260,7 +1265,7 @@ ZEND_API zend_function *zend_std_get_method(zend_object **obj_ptr, zend_string * fbc = NULL; } } - } + } while (0); } if (UNEXPECTED(!key)) {