diff options
| author | Nikita Popov <nikita.ppv@gmail.com> | 2020-06-26 12:35:52 +0200 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-06-29 15:56:22 +0200 |
| commit | 6e1990dea6ddc89603b40ea5d389fbca95469620 (patch) | |
| tree | 076a2a0642986689163529f061a820682be8dc45 | |
| parent | 75a04eac978333467ccd98225d7ef21942ce9e91 (diff) | |
| download | php-git-6e1990dea6ddc89603b40ea5d389fbca95469620.tar.gz | |
Don't accept objects instead of arrays in curl
This properly addresses the issue from bug #79741. Silently
interpreting objects as mangled property tables is almost
always a bad idea.
Closes GH-5773.
| -rw-r--r-- | UPGRADING | 5 | ||||
| -rw-r--r-- | ext/curl/interface.c | 20 | ||||
| -rw-r--r-- | ext/curl/tests/bug79741.phpt | 8 | ||||
| -rw-r--r-- | ext/curl/tests/curl_setopt_basic003.phpt | 2 |
4 files changed, 19 insertions, 16 deletions
@@ -201,6 +201,11 @@ PHP 8.0 UPGRADE NOTES com.autoregister_casesensitive may no longer be disabled; case-insensitive markers in com.typelib_file are ignored. +- Curl: + . CURLOPT_POSTFIELDS no longer accepts objects as arrays. To interpret an + object as an array, perform an explicit (array) cast. The same applies to + other options accepting arrays as well. + - Date: . mktime() and gmmktime() now require at least one argument. time() can be used to get the current timestamp. diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 7b16cc861e..e17bfebc59 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -2016,9 +2016,9 @@ static void free_cb(void *arg) /* {{{ */ static inline int build_mime_structure_from_hash(php_curl *ch, zval *zpostfields) /* {{{ */ { + HashTable *postfields = Z_ARRVAL_P(zpostfields); CURLcode error = CURLE_OK; zval *current; - HashTable *postfields; zend_string *string_key; zend_ulong num_key; #if LIBCURL_VERSION_NUM >= 0x073800 /* 7.56.0 */ @@ -2031,12 +2031,6 @@ static inline int build_mime_structure_from_hash(php_curl *ch, zval *zpostfields CURLFORMcode form_error; #endif - postfields = HASH_OF(zpostfields); - if (!postfields) { - php_error_docref(NULL, E_WARNING, "Couldn't get HashTable in CURLOPT_POSTFIELDS"); - return FAILURE; - } - #if LIBCURL_VERSION_NUM >= 0x073800 /* 7.56.0 */ if (zend_hash_num_elements(postfields) > 0) { mime = curl_mime_init(ch->cp); @@ -2046,7 +2040,7 @@ static inline int build_mime_structure_from_hash(php_curl *ch, zval *zpostfields } #endif - ZEND_HASH_FOREACH_KEY_VAL_IND(postfields, num_key, string_key, current) { + ZEND_HASH_FOREACH_KEY_VAL(postfields, num_key, string_key, current) { zend_string *postval, *tmp_postval; /* Pretend we have a string_key here */ if (!string_key) { @@ -2659,8 +2653,7 @@ static int _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue) /* {{{ zend_string *val, *tmp_val; struct curl_slist *slist = NULL; - ph = HASH_OF(zvalue); - if (!ph) { + if (Z_TYPE_P(zvalue) != IS_ARRAY) { char *name = NULL; switch (option) { case CURLOPT_HTTPHEADER: @@ -2698,11 +2691,12 @@ static int _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue) /* {{{ break; #endif } - php_error_docref(NULL, E_WARNING, "You must pass either an object or an array with the %s argument", name); + php_error_docref(NULL, E_WARNING, "You must pass an array with the %s argument", name); return FAILURE; } - ZEND_HASH_FOREACH_VAL_IND(ph, current) { + ph = Z_ARRVAL_P(zvalue); + ZEND_HASH_FOREACH_VAL(ph, current) { ZVAL_DEREF(current); val = zval_get_tmp_string(current, &tmp_val); slist = curl_slist_append(slist, ZSTR_VAL(val)); @@ -2745,7 +2739,7 @@ static int _php_curl_setopt(php_curl *ch, zend_long option, zval *zvalue) /* {{{ break; case CURLOPT_POSTFIELDS: - if (Z_TYPE_P(zvalue) == IS_ARRAY || Z_TYPE_P(zvalue) == IS_OBJECT) { + if (Z_TYPE_P(zvalue) == IS_ARRAY) { return build_mime_structure_from_hash(ch, zvalue); } else { zend_string *tmp_str; diff --git a/ext/curl/tests/bug79741.phpt b/ext/curl/tests/bug79741.phpt index 17c3f57e04..3f5a4801b1 100644 --- a/ext/curl/tests/bug79741.phpt +++ b/ext/curl/tests/bug79741.phpt @@ -12,5 +12,9 @@ curl_setopt($ch, CURLOPT_POSTFIELDS, new Test); ?> ===DONE=== ---EXPECT-- -===DONE=== +--EXPECTF-- +Fatal error: Uncaught Error: Object of class Test could not be converted to string in %s:%d +Stack trace: +#0 %s(%d): curl_setopt(Object(CurlHandle), %d, Object(Test)) +#1 {main} + thrown in %s on line %d diff --git a/ext/curl/tests/curl_setopt_basic003.phpt b/ext/curl/tests/curl_setopt_basic003.phpt index 246b83b418..6fbbbca47a 100644 --- a/ext/curl/tests/curl_setopt_basic003.phpt +++ b/ext/curl/tests/curl_setopt_basic003.phpt @@ -39,6 +39,6 @@ var_dump( $curl_content ); --EXPECTF-- *** curl_setopt() call with CURLOPT_HTTPHEADER -Warning: curl_setopt(): You must pass either an object or an array with the CURLOPT_HTTPHEADER argument in %s on line %d +Warning: curl_setopt(): You must pass an array with the CURLOPT_HTTPHEADER argument in %s on line %d bool(false) bool(true) |