From 3b29f5164dab76392477d67b515baf696d14d29b Mon Sep 17 00:00:00 2001
From: Dmitry Stogov
Date: Sat, 20 Feb 2021 18:51:03 +0300
Subject: Revert "Remove class validation. zend_lookup_class_ex() performs it anyway."

This reverts commit 61cf1355fd53b6556f0502510ba3e1efbd04d242. Class name validation is only performed if key is not passed. Here, lc_name is passed as key.
---
 ext/standard/var_unserializer.re | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index 6aa9526b86..fb1ab2f496 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -1171,6 +1171,12 @@ object ":" uiv ":" ["] {
 break;
 }
 
+ if (!zend_is_valid_class_name(class_name)) {
+ zend_string_release_ex(lc_name, 0);
+ zend_string_release_ex(class_name, 0);
+ return 0;
+ }
+
 /* Try to find class directly */
 BG(serialize_lock)++;
 ce = zend_lookup_class_ex(class_name, lc_name, 0);
-- 
cgit v1.2.1
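Review bot: The restored `zend_is_valid_class_name(class_name)` check has no comment saying why it is needed, and that missing rationale is presumably how it was removed as redundant in the reverted commit. The reason currently lives only in the commit message, so I would put it directly above the `if`: `/* zend_lookup_class_ex() only validates the name when no key is given; lc_name is passed as key below, so validate here before lookup/autoload */`. Because the class name comes from the serialized input, this guard is what keeps a malformed name from reaching `zend_lookup_class_ex()`. The diffstat shows only `var_unserializer.re` changed, so a regression test asserting that `unserialize()` fails on an object with an invalid class name would help pin the behaviour. The enclosing `object` rule starts and ends outside the hunk, so I could not check whether this early `return 0` needs to release anything beyond the two strings.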