diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2020-08-28 10:06:01 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-08-28 10:06:01 +0200 |
commit | df5011f56c0953e711dc1c5ef91466ac145b310b (patch) | |
tree | a6cfbc344a64c48e962d258f15eccc6d2b838c8c | |
parent | c47011ba057f49aa548302f3647e5a4e4ffaff85 (diff) | |
download | php-git-df5011f56c0953e711dc1c5ef91466ac145b310b.tar.gz |
Export and reuse zend_is_valid_class_name API
Unserialization does the same check as zend_lookup_class, so let's
share the same optimized implementation.
-rw-r--r-- | Zend/zend_execute.h | 1 | ||||
-rw-r--r-- | Zend/zend_execute_API.c | 2 | ||||
-rw-r--r-- | ext/standard/var_unserializer.re | 11 |
3 files changed, 6 insertions, 8 deletions
diff --git a/Zend/zend_execute.h b/Zend/zend_execute.h index f93a9f5e0e..9bf4a5aeb0 100644 --- a/Zend/zend_execute.h +++ b/Zend/zend_execute.h @@ -43,6 +43,7 @@ ZEND_API void zend_init_code_execute_data(zend_execute_data *execute_data, zend_ ZEND_API void zend_execute(zend_op_array *op_array, zval *return_value); ZEND_API void execute_ex(zend_execute_data *execute_data); ZEND_API void execute_internal(zend_execute_data *execute_data, zval *return_value); +ZEND_API zend_bool zend_is_valid_class_name(zend_string *name); ZEND_API zend_class_entry *zend_lookup_class(zend_string *name); ZEND_API zend_class_entry *zend_lookup_class_ex(zend_string *name, zend_string *lcname, uint32_t flags); ZEND_API zend_class_entry *zend_get_called_scope(zend_execute_data *ex); diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c index 0e721c451e..026a29bffc 100644 --- a/Zend/zend_execute_API.c +++ b/Zend/zend_execute_API.c @@ -991,7 +991,7 @@ static const uint32_t valid_chars[8] = { 0xffffffff, }; -static zend_bool zend_is_valid_class_name(zend_string *name) { +ZEND_API zend_bool zend_is_valid_class_name(zend_string *name) { for (size_t i = 0; i < ZSTR_LEN(name); i++) { unsigned char c = ZSTR_VAL(name)[i]; if (!ZEND_BIT_TEST(valid_chars, c)) { diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index 928cf29392..6680e00645 100644 --- a/ext/standard/var_unserializer.re +++ b/ext/standard/var_unserializer.re @@ -1013,7 +1013,7 @@ use_double: } object ":" uiv ":" ["] { - size_t len, len3, maxlen; + size_t len, maxlen; zend_long elements; char *str; zend_string *class_name; @@ -1051,15 +1051,12 @@ object ":" uiv ":" ["] { return 0; } - len3 = strspn(str, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\177\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\252\253\254\255\256\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377\\"); - if (len3 != len) - { - *p = YYCURSOR + len3 - len; + class_name = zend_string_init(str, len, 0); + if (!zend_is_valid_class_name(class_name)) { + zend_string_release_ex(class_name, 0); return 0; } - class_name = zend_string_init(str, len, 0); - do { if(!unserialize_allowed_class(class_name, var_hash)) { incomplete_class = 1; |