diff options
| author | Nikita Popov <nikita.ppv@gmail.com> | 2020-10-26 16:50:48 +0100 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-10-26 16:50:48 +0100 |
| commit | 9353f11bd230252e2525197d80747dbab090bff5 (patch) | |
| tree | 0616335e42ae3efb2fa2f59afad985047ae928b2 | |
| parent | cf5d46ba94d1eed672f2bce7b34d3604320cf529 (diff) | |
| parent | 7817fc07e150620be38a16dd29e50c71e51948a7 (diff) | |
| download | php-git-9353f11bd230252e2525197d80747dbab090bff5.tar.gz | |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Deny cloning of fileinfo objects
| -rw-r--r-- | ext/fileinfo/fileinfo.c | 1 | ||||
| -rw-r--r-- | ext/fileinfo/tests/clone_serialize.phpt | 27 |
2 files changed, 28 insertions, 0 deletions
diff --git a/ext/fileinfo/fileinfo.c b/ext/fileinfo/fileinfo.c index 8bb76b5657..37d3474bd7 100644 --- a/ext/fileinfo/fileinfo.c +++ b/ext/fileinfo/fileinfo.c @@ -218,6 +218,7 @@ PHP_MINIT_FUNCTION(finfo) memcpy(&finfo_object_handlers, &std_object_handlers, sizeof(zend_object_handlers)); finfo_object_handlers.offset = XtOffsetOf(finfo_object, zo); finfo_object_handlers.free_obj = finfo_objects_free; + finfo_object_handlers.clone_obj = NULL; le_fileinfo = zend_register_list_destructors_ex(finfo_resource_destructor, NULL, "file_info", module_number); diff --git a/ext/fileinfo/tests/clone_serialize.phpt b/ext/fileinfo/tests/clone_serialize.phpt new file mode 100644 index 0000000000..5375526ee4 --- /dev/null +++ b/ext/fileinfo/tests/clone_serialize.phpt @@ -0,0 +1,27 @@ +--TEST-- +Cloning and serializing finfo is not supported +--FILE-- +<?php + +$finfo = new finfo; +var_dump($finfo->buffer("Test string")); +try { + $finfo2 = clone $finfo; + var_dump($finfo2->buffer("Test string")); +} catch (Error $e) { + echo $e->getMessage(), "\n"; +} +try { + $finfo3 = unserialize(serialize($finfo)); + var_dump($finfo3->buffer("Test string")); +} catch (Error $e) { + echo $e->getMessage(), "\n"; +} + +?> +--EXPECTF-- +string(%d) "%s" +Trying to clone an uncloneable object of class finfo + +Warning: finfo::buffer(): The invalid fileinfo object. in %s on line %d +bool(false) |