From: Ilia Alshanetsky Date: Wed, 7 Oct 2009 12:46:29 +0000 (+0000) Subject: Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning). X-Git-Tag: php-5.2.12RC1~82 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a6321016dabd46316fa6c3fa95c83e3c6a6c7f82;p=php Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning). # original patch by wmeler at wp-sa dot pl
---
diff --git a/NEWS b/NEWS
index f066da5c8b..61953d8de5 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ PHP NEWS
 - Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus)
+- Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning).
+ (Ilia, wmeler at wp-sa dot pl)
 - Fixed bug #49757 (long2ip() can return wrong value in a multi-threaded applications). (Ilia, Florian Anderiasch)
 - Fixed bug #49738 (calling mcrypt() after mcrypt_generic_deinit() crashes).
diff --git a/ext/simplexml/simplexml.c b/ext/simplexml/simplexml.c
index b7be14f713..20dff1e7ac 100644
--- a/ext/simplexml/simplexml.c
+++ b/ext/simplexml/simplexml.c
@@ -2412,6 +2412,8 @@ PHP_MINIT_FUNCTION(simplexml)
 sxe_class_entry = zend_register_internal_class(&sxe TSRMLS_CC);
 sxe_class_entry->get_iterator = php_sxe_get_iterator;
 sxe_class_entry->iterator_funcs.funcs = &php_sxe_iterator_funcs;
+ sxe_class_entry->serialize = zend_class_serialize_deny;
+ sxe_class_entry->unserialize = zend_class_unserialize_deny;
 zend_class_implements(sxe_class_entry TSRMLS_CC, 1, zend_ce_traversable);
 sxe_object_handlers.get_method = zend_get_std_object_handlers()->get_method;
 sxe_object_handlers.get_constructor = zend_get_std_object_handlers()->get_constructor;
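Review bot: The two handler assignments added in PHP_MINIT_FUNCTION(simplexml) carry no comment saying why the class is closed to serialization, and the diff as shown adds no regression test for bug #49800. I would put `/* the object wraps a libxml node that a serialized string cannot restore, so refuse both directions (bug #49800) */` above them and add a test asserting that serialize() and unserialize() involving a SimpleXMLElement both fail. The unserialize side matters most where the input is untrusted, because it keeps a payload from materialising an element with no backing document; it is worth confirming that subclasses such as SimpleXMLIterator inherit both handlers, which this hunk does not show. Code that previously stored elements in a session will presumably now get an exception instead of silently losing the data, so a line in the upgrade notes would help. The function body starts and ends outside the hunk.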