From 050d299364ded5cb7b878bc515aa763c9c623c4b Mon Sep 17 00:00:00 2001
From: Benjamin Eberlei
Date: Sun, 28 Apr 2019 17:30:09 +0200
Subject: [PATCH] Fix bug #62397 - disable_functions does not work with eval.
---
 Zend/tests/errmsg_046.phpt | 14 ++++++++++++++
 Zend/zend_API.c | 12 ++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 Zend/tests/errmsg_046.phpt
diff --git a/Zend/tests/errmsg_046.phpt b/Zend/tests/errmsg_046.phpt
new file mode 100644
index 0000000000..0a4ec50183
--- /dev/null
+++ b/Zend/tests/errmsg_046.phpt
@@ -0,0 +1,14 @@
+--TEST--
+errmsg: disabled eval function
+--INI--
+disable_functions=eval
+--FILE--
+
+--EXPECTF--
+Warning: eval() has been disabled for security reasons in %s on line %d
+Done
diff --git a/Zend/zend_API.c b/Zend/zend_API.c
index a7a83185ad..a6115db38c 100644
--- a/Zend/zend_API.c
+++ b/Zend/zend_API.c
@@ -2757,6 +2757,12 @@ ZEND_API int zend_set_hash_symbol(zval *symbol, const char *name, int name_lengt
 /* Disabled functions support */
+zend_op_array *display_disabled_compile_string(zval *source_string, char *filename)
+{
+ zend_error(E_WARNING, "eval() has been disabled for security reasons");
+ return NULL;
+}
+
 /* {{{ proto void display_disabled_function(void)
 Dummy function which displays an error when a disabled function is called. */
 ZEND_API ZEND_FUNCTION(display_disabled_function)
@@ -2768,6 +2774,12 @@ ZEND_API ZEND_FUNCTION(display_disabled_function)
 ZEND_API int zend_disable_function(char *function_name, size_t function_name_length) /* {{{ */
 {
 zend_internal_function *func;
+
+ if (strcmp(function_name, "eval") == 0) {
+ zend_compile_string = display_disabled_compile_string;
+ return SUCCESS;
+ }
+
 if ((func = zend_hash_str_find_ptr(CG(function_table), function_name, function_name_length))) {
 func->fn_flags &= ~(ZEND_ACC_VARIADIC | ZEND_ACC_HAS_TYPE_HINTS);
 func->num_args = 0;
--
2.40.0
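Review bot: `display_disabled_compile_string` is defined without `static` and with no prototype visible in this hunk, so it becomes an external symbol although the patch only references it from `zend_disable_function` in the same file; `static zend_op_array *display_disabled_compile_string(zval *source_string, char *filename)` would keep it private. The warning text is hard-coded to `eval()`, but the stub is installed as the engine-wide `zend_compile_string` hook, so any other code path that compiles a string through that hook would presumably receive the same message and a NULL op array. A header comment such as `/* Installed as zend_compile_string when "eval" is listed in disable_functions; every string compilation then fails with a warning. */` would make that scope explicit.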
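Review bot: The added `strcmp(function_name, "eval")` check ignores `function_name_length`, while the lookup just below passes that length to `zend_hash_str_find_ptr`, so the new branch relies on the caller supplying a NUL-terminated name; `if (function_name_length == sizeof("eval") - 1 && memcmp(function_name, "eval", function_name_length) == 0) {` would match the rest of the function. The comparison is also case-sensitive, so whether `disable_functions=Eval` takes effect depends on the caller lower-casing the name, which is not visible here. The assignment to `zend_compile_string` overwrites the hook unconditionally: a handler an extension installed earlier is dropped, and one that later calls a previously saved original would bypass the stub, so for a security control this ordering should be documented or checked. The body of `zend_disable_function` continues past the end of the hunk.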