From 72bf2def6b718ae9ca243b6a9ab9a3a85d255f96 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Thu, 13 Sep 2018 12:24:59 +0300 Subject: [PATCH] Make visibilty check in is_callable() to be consistent with zend_std_get_method() --- Zend/zend_API.c | 47 ++++++++++++++++------------------------------- 1 file changed, 16 insertions(+), 31 deletions(-) diff --git a/Zend/zend_API.c b/Zend/zend_API.c index 0cf6ef0c08..7f7a9d7f1a 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -3097,24 +3097,17 @@ static zend_always_inline int zend_is_callable_check_func(int check_flags, zval } } } - if ((check_flags & IS_CALLABLE_CHECK_NO_ACCESS) == 0 && + if (!(fcc->function_handler->common.fn_flags & ZEND_ACC_PUBLIC) && + !(check_flags & IS_CALLABLE_CHECK_NO_ACCESS) && (fcc->calling_scope && ((fcc->object && fcc->calling_scope->__call) || (!fcc->object && fcc->calling_scope->__callstatic)))) { - if (fcc->function_handler->op_array.fn_flags & ZEND_ACC_PRIVATE) { - scope = zend_get_executed_scope(); - if (!zend_check_private(fcc->function_handler, fcc->object ? fcc->object->ce : scope, lmname)) { - retval = 0; - fcc->function_handler = NULL; - goto get_function_via_handler; - } - } else if (fcc->function_handler->common.fn_flags & ZEND_ACC_PROTECTED) { - scope = zend_get_executed_scope(); - if (!zend_check_protected(fcc->function_handler->common.scope, scope)) { - retval = 0; - fcc->function_handler = NULL; - goto get_function_via_handler; - } + scope = zend_get_executed_scope(); + if (fcc->function_handler->common.scope != scope + || !zend_check_protected(zend_get_function_root_class(fcc->function_handler), scope)) { + retval = 0; + fcc->function_handler = NULL; + goto get_function_via_handler; } } } else { @@ -3200,26 +3193,18 @@ get_function_via_handler: } } } - if (retval && (check_flags & IS_CALLABLE_CHECK_NO_ACCESS) == 0) { - if (fcc->function_handler->op_array.fn_flags & ZEND_ACC_PRIVATE) { - scope = zend_get_executed_scope(); - if (!zend_check_private(fcc->function_handler, fcc->object ? fcc->object->ce : scope, lmname)) { - if (error) { - if (*error) { - efree(*error); - } - zend_spprintf(error, 0, "cannot access private method %s::%s()", ZSTR_VAL(fcc->calling_scope->name), ZSTR_VAL(fcc->function_handler->common.function_name)); - } - retval = 0; - } - } else if ((fcc->function_handler->common.fn_flags & ZEND_ACC_PROTECTED)) { - scope = zend_get_executed_scope(); - if (!zend_check_protected(fcc->function_handler->common.scope, scope)) { + if (retval + && !(fcc->function_handler->common.fn_flags & ZEND_ACC_PUBLIC) + && !(check_flags & IS_CALLABLE_CHECK_NO_ACCESS)) { + scope = zend_get_executed_scope(); + if (fcc->function_handler->common.scope != scope) { + if ((fcc->function_handler->common.fn_flags & ZEND_ACC_PRIVATE) + || (!zend_check_protected(zend_get_function_root_class(fcc->function_handler), scope))) { if (error) { if (*error) { efree(*error); } - zend_spprintf(error, 0, "cannot access protected method %s::%s()", ZSTR_VAL(fcc->calling_scope->name), ZSTR_VAL(fcc->function_handler->common.function_name)); + zend_spprintf(error, 0, "cannot access %s method %s::%s()", zend_visibility_string(fcc->function_handler->common.fn_flags), ZSTR_VAL(fcc->calling_scope->name), ZSTR_VAL(fcc->function_handler->common.function_name)); } retval = 0; } -- 2.40.0