authorDmitry Stogov <dmitry@zend.com>2021-02-20 18:51:03 +0300
committerDmitry Stogov <dmitry@zend.com>2021-02-20 18:51:03 +0300
commit3b29f5164dab76392477d67b515baf696d14d29b (patch)
treeda2991c7e583a7961640b2552c1bb5a8fae0506f
parent61cf1355fd53b6556f0502510ba3e1efbd04d242 (diff)
downloadphp-git-3b29f5164dab76392477d67b515baf696d14d29b.tar.gz
Revert "Remove class validation. zend_lookup_class_ex() performs it anyway."
This reverts commit 61cf1355fd53b6556f0502510ba3e1efbd04d242. Class name validation is only performed if key is not passed. Here, lc_name is passed as key.
-rw-r--r--ext/standard/var_unserializer.re6
1 files changed, 6 insertions, 0 deletions
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index 6aa9526b86..fb1ab2f496 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -1171,6 +1171,12 @@ object ":" uiv ":" ["] {
break;
}
+ if (!zend_is_valid_class_name(class_name)) {
+ zend_string_release_ex(lc_name, 0);
+ zend_string_release_ex(class_name, 0);
+ return 0;
+ }
+
/* Try to find class directly */
BG(serialize_lock)++;
ce = zend_lookup_class_ex(class_name, lc_name, 0);
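Review bot: The re-added `zend_is_valid_class_name(class_name)` check has no comment saying why it is needed, and it was already deleted once as redundant. Per the commit message, `zend_lookup_class_ex()` skips its own name validation when a key is supplied, and `lc_name` is passed as the key two lines further down, so this appears to be the only check between the class name taken from the serialized input and the class lookup. I would put a comment directly above the `if`, e.g. `/* zend_lookup_class_ex() does not validate the name when a key (lc_name) is passed, so validate it here */`. The commit touches only this file, so a regression test that feeds unserialize() a malformed class name would also help keep the check from being removed again. The enclosing block begins and ends outside the hunk.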