From 52376c177dc10993dccdaa1ff20c347c8dda6d0a Mon Sep 17 00:00:00 2001 From: Mark Date: Fri, 4 Oct 2019 20:38:49 +0100 Subject: [PATCH] Fix bug #78563 Make XmlParser final, unclonable and unserializable. Closes GH-4778. --- ext/xml/tests/bug78563.phpt | 17 +++++++++++++++++ ext/xml/tests/bug78563_final.phpt | 15 +++++++++++++++ ext/xml/tests/bug78563_serialize.phpt | 18 ++++++++++++++++++ ext/xml/xml.c | 8 ++++++-- 4 files changed, 56 insertions(+), 2 deletions(-) create mode 100644 ext/xml/tests/bug78563.phpt create mode 100644 ext/xml/tests/bug78563_final.phpt create mode 100644 ext/xml/tests/bug78563_serialize.phpt diff --git a/ext/xml/tests/bug78563.phpt b/ext/xml/tests/bug78563.phpt new file mode 100644 index 0000000000..3203bbddc6 --- /dev/null +++ b/ext/xml/tests/bug78563.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #78563: parsers should not be clonable +--SKIPIF-- + +--FILE-- + +===DONE=== +--EXPECTF-- +Fatal error: Uncaught Error: Trying to clone an uncloneable object of class XmlParser in %s:%d +Stack trace: +#0 {main} + thrown in %s on line %d diff --git a/ext/xml/tests/bug78563_final.phpt b/ext/xml/tests/bug78563_final.phpt new file mode 100644 index 0000000000..23fac0d9bf --- /dev/null +++ b/ext/xml/tests/bug78563_final.phpt @@ -0,0 +1,15 @@ +--TEST-- +Bug #78563: parsers should not be extendable +--SKIPIF-- + +--FILE-- + +===DONE=== +--EXPECTF-- +Fatal error: Class Dummy may not inherit from final class (XmlParser) in %s on line %d diff --git a/ext/xml/tests/bug78563_serialize.phpt b/ext/xml/tests/bug78563_serialize.phpt new file mode 100644 index 0000000000..d480446d24 --- /dev/null +++ b/ext/xml/tests/bug78563_serialize.phpt @@ -0,0 +1,18 @@ +--TEST-- +Bug #78563: parsers should not be serializable +--SKIPIF-- + +--FILE-- + +===DONE=== +--EXPECTF-- +Fatal error: Uncaught Exception: Serialization of 'XmlParser' is not allowed in %s:%d +Stack trace: +#0 %s(%d): serialize(Object(XmlParser)) +#1 {main} + thrown in %s on line %d 
diff --git a/ext/xml/xml.c b/ext/xml/xml.c
index f0ffcac961..a033accfdb 100644
--- a/ext/xml/xml.c
+++ b/ext/xml/xml.c
@@ -26,6 +26,7 @@
 #include "ext/standard/php_string.h"
 #include "ext/standard/info.h"
 #include "ext/standard/html.h"
+#include "zend_interfaces.h"
 
 #if HAVE_XML
 
@@ -308,15 +309,18 @@ PHP_MINIT_FUNCTION(xml)
 {
  zend_class_entry ce;
  INIT_CLASS_ENTRY(ce, "XmlParser", xml_parser_methods);
- ce.create_object = xml_parser_create_object;
- ce.ce_flags |= ZEND_ACC_FINAL;
  xml_parser_ce = zend_register_internal_class(&ce);
+ xml_parser_ce->create_object = xml_parser_create_object;
+ xml_parser_ce->ce_flags |= ZEND_ACC_FINAL;
+ xml_parser_ce->serialize = zend_class_serialize_deny;
+ xml_parser_ce->unserialize = zend_class_unserialize_deny;
 
  memcpy(&xml_parser_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
  xml_parser_object_handlers.offset = XtOffsetOf(xml_parser, std);
  xml_parser_object_handlers.free_obj = xml_parser_free_obj;
  xml_parser_object_handlers.get_gc = xml_parser_get_gc;
  xml_parser_object_handlers.get_constructor = xml_parser_get_constructor;
+ xml_parser_object_handlers.clone_obj = NULL;
 
  REGISTER_LONG_CONSTANT("XML_ERROR_NONE", XML_ERROR_NONE, CONST_CS|CONST_PERSISTENT);
  REGISTER_LONG_CONSTANT("XML_ERROR_NO_MEMORY", XML_ERROR_NO_MEMORY, CONST_CS|CONST_PERSISTENT);
-- 
2.40.0
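Review bot: The four assignments that now follow `zend_register_internal_class(&ce)` in the second hunk carry no comment explaining why they moved off the stack `ce`, although that ordering is itself part of the fix: the commit title implies the `ZEND_ACC_FINAL` set on `ce` before registration never took effect, presumably because registration does not keep flags from the temporary entry. A comment such as `/* Set on the registered entry, not the temporary ce: see bug #78563 (confirm against zend_register_internal_class). */` would stop a later cleanup from moving them back. One more line above `clone_obj = NULL`, e.g. `/* No copies: a duplicated or deserialized object must never share or lack the underlying parser. */`, would record the intent; the ownership is inferred from `xml_parser_free_obj`, so the wording should be confirmed. Of the denied paths, `unserialize` is the one reachable from untrusted input, and the three added tests appear to exercise only clone, inheritance and `serialize()`, so a fourth test for it would pin `zend_class_unserialize_deny`. The body of PHP_MINIT_FUNCTION(xml) continues past the end of the hunk.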