From d8ce0568ef745a9cc1815c8387f4f83e3339280d Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Fri, 4 May 2007 06:18:53 +0000 Subject: [PATCH] Fixed altering $this via argument named "this" --- NEWS | 1 + Zend/zend_compile.c | 11 ++++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index bc59054e1f..03c1bb5d0d 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,7 @@ PHP NEWS ?? ??? 2007, PHP 5.2.3 - Fixed ext/filter Email Validation Vulnerability (MOPB-24 by Stefan Esser) (Ilia) +- Fixed altering $this via argument named "this". (Dmitry) 03 May 2007, PHP 5.2.2 - Improved bundled GD diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c index 3d4afa8f81..c660d83cf4 100644 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@ -1265,9 +1265,18 @@ void zend_do_end_function_declaration(znode *function_token TSRMLS_DC) void zend_do_receive_arg(zend_uchar op, znode *var, znode *offset, znode *initialization, znode *class_type, znode *varname, zend_uchar pass_by_reference TSRMLS_DC) { - zend_op *opline = get_next_op(CG(active_op_array) TSRMLS_CC); + zend_op *opline; zend_arg_info *cur_arg_info; + if (CG(active_op_array)->scope && + ((CG(active_op_array)->fn_flags & ZEND_ACC_STATIC) == 0) && + (Z_TYPE(varname->u.constant) == IS_STRING) && + (Z_STRLEN(varname->u.constant) == sizeof("this")-1) && + (memcmp(Z_STRVAL(varname->u.constant), "this", sizeof("this")) == 0)) { + zend_error(E_COMPILE_ERROR, "Cannot re-assign $this"); + } + + opline = get_next_op(CG(active_op_array) TSRMLS_CC); CG(active_op_array)->num_args++; opline->opcode = op; opline->result = *var; -- 2.50.1