From: Jani Taskinen <jani@php.net>
Date: Sat, 1 Aug 2009 00:48:04 +0000 (+0000)
Subject: - Fixed bug #49074 (private class static fields can be modified by using reflection)
X-Git-Tag: php-5.2.11RC1~65
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f9e548a9e53303ee05aa5520afe7ce8dcfb2890c;p=php

- Fixed bug #49074 (private class static fields can be modified by using reflection)
---

diff --git a/NEWS b/NEWS
index c0e57cc476..877c868048 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ PHP                                                                        NEWS
   defined as a file handle. (Ilia)
 - Fixed memory leak in stream_is_local(). (Felipe)
 
+- Fixed bug #49074 (private class static fields can be modified by using
+  reflection). (Jani)
 - Fixed bug #49052 (context option headers freed too early when using
   --with-curlwrappers). (Jani)
 - Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference).
diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c
index 6e1182723b..20c10f4c5d 100644
--- a/ext/reflection/php_reflection.c
+++ b/ext/reflection/php_reflection.c
@@ -2725,12 +2725,17 @@ ZEND_METHOD(reflection_class, getStaticProperties)
 
 		if (zend_hash_get_current_key_ex(CE_STATIC_MEMBERS(ce), &key, &key_len, &num_index, 0, &pos) != FAILURE && key) {
 			char *prop_name, *class_name;
+			zval *prop_copy;
 
 			zend_unmangle_property_name(key, key_len-1, &class_name, &prop_name);
 
-			zval_add_ref(value);
+			/* copy: enforce read only access */
+			ALLOC_ZVAL(prop_copy);
+			*prop_copy = **value;
+			zval_copy_ctor(prop_copy);
+			INIT_PZVAL(prop_copy);
 
-			zend_hash_update(Z_ARRVAL_P(return_value), prop_name, strlen(prop_name)+1, value, sizeof(zval *), NULL);
+			add_assoc_zval(return_value, prop_name, prop_copy);
 		}
 		zend_hash_move_forward_ex(CE_STATIC_MEMBERS(ce), &pos);
 	}