From 3c68f38fdaec7a6f81f986a639bdd29716cf8f22 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 2 Dec 2020 17:47:33 +0100 Subject: Restrict allowed usages of $GLOBALS This restricts allowed usage of $GLOBALS, with the effect that plain PHP arrays can no longer contain INDIRECT elements. RFC: https://wiki.php.net/rfc/restrict_globals_usage Closes GH-6487. --- Zend/zend_vm_def.h | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'Zend/zend_vm_def.h') diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 2932bfbdfa..09193db5ff 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -1727,8 +1727,9 @@ ZEND_VM_C_LABEL(fetch_this): } else if (type == BP_VAR_IS) { retval = &EG(uninitialized_zval); } else { - zend_error(E_WARNING, "Undefined variable $%s", ZSTR_VAL(name)); - if (type == BP_VAR_RW) { + zend_error(E_WARNING, "Undefined %svariable $%s", + (opline->extended_value & ZEND_FETCH_GLOBAL ? "global " : ""), ZSTR_VAL(name)); + if (type == BP_VAR_RW && !EG(exception)) { retval = zend_hash_update(target_symbol_table, name, &EG(uninitialized_zval)); } else { retval = &EG(uninitialized_zval); @@ -1746,8 +1747,9 @@ ZEND_VM_C_LABEL(fetch_this): } else if (type == BP_VAR_IS) { retval = &EG(uninitialized_zval); } else { - zend_error(E_WARNING, "Undefined variable $%s", ZSTR_VAL(name)); - if (type == BP_VAR_RW) { + zend_error(E_WARNING, "Undefined %svariable $%s", + (opline->extended_value & ZEND_FETCH_GLOBAL ? "global " : ""), ZSTR_VAL(name)); + if (type == BP_VAR_RW && !EG(exception)) { ZVAL_NULL(retval); } else { retval = &EG(uninitialized_zval); @@ -8703,6 +8705,16 @@ ZEND_VM_HOT_HANDLER(184, ZEND_FETCH_THIS, UNUSED, UNUSED) } } +ZEND_VM_HANDLER(200, ZEND_FETCH_GLOBALS, UNUSED, UNUSED) +{ + USE_OPLINE + + /* For symbol tables we need to deal with exactly the same problems as for property tables. */ + ZVAL_ARR(EX_VAR(opline->result.var), + zend_proptable_to_symtable(&EG(symbol_table), /* always_duplicate */ 1)); + ZEND_VM_NEXT_OPCODE(); +} + ZEND_VM_HANDLER(186, ZEND_ISSET_ISEMPTY_THIS, UNUSED, UNUSED) { USE_OPLINE -- cgit v1.2.1