From: Dmitry Stogov Date: Fri, 4 May 2007 06:18:53 +0000 (+0000) Subject: Fixed altering $this via argument named "this" X-Git-Tag: php-5.2.3RC1~173 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d8ce0568ef745a9cc1815c8387f4f83e3339280d;p=php Fixed altering $this via argument named "this" --- diff --git a/NEWS b/NEWS index bc59054e1f..03c1bb5d0d 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,7 @@ PHP NEWS ?? ??? 2007, PHP 5.2.3 - Fixed ext/filter Email Validation Vulnerability (MOPB-24 by Stefan Esser) (Ilia) +- Fixed altering $this via argument named "this". (Dmitry) 03 May 2007, PHP 5.2.2 - Improved bundled GD diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c index 3d4afa8f81..c660d83cf4 100644 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@ -1265,9 +1265,18 @@ void zend_do_end_function_declaration(znode *function_token TSRMLS_DC) void zend_do_receive_arg(zend_uchar op, znode *var, znode *offset, znode *initialization, znode *class_type, znode *varname, zend_uchar pass_by_reference TSRMLS_DC) { - zend_op *opline = get_next_op(CG(active_op_array) TSRMLS_CC); + zend_op *opline; zend_arg_info *cur_arg_info; + if (CG(active_op_array)->scope && + ((CG(active_op_array)->fn_flags & ZEND_ACC_STATIC) == 0) && + (Z_TYPE(varname->u.constant) == IS_STRING) && + (Z_STRLEN(varname->u.constant) == sizeof("this")-1) && + (memcmp(Z_STRVAL(varname->u.constant), "this", sizeof("this")) == 0)) { + zend_error(E_COMPILE_ERROR, "Cannot re-assign $this"); + } + + opline = get_next_op(CG(active_op_array) TSRMLS_CC); CG(active_op_array)->num_args++; opline->opcode = op; opline->result = *var;