From 653e4ea1c57def2d5cd75b7da9e3943a841b7d6c Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 14 May 2020 11:51:36 +0200 Subject: Add flag to forbid dynamic property creation on internal classes While performing resource -> object migrations, we're adding defensive classes that are final, non-serializable and non-clonable (unless they are, of course). This path adds a ZEND_ACC_NO_DYNAMIC_PROPERTIES flag, that also forbids the creation of dynamic properties on these objects. This is a subset of #3931 and targeted at internal usage only (though may be extended to userland at some point in the future). It's already possible to achieve this (what the removed WeakRef/WeakMap code does), but there's some caveats: First, this simple approach is only possible if the class has no declared properties, otherwise it's necessary to special-case those properties. Second, it's easy to make it overly strict, e.g. by forbidding isset($obj->prop) as well. And finally, it requires a lot of boilerplate code for each class. Closes GH-5572. --- ext/xml/xml.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ext/xml') diff --git a/ext/xml/xml.c b/ext/xml/xml.c index f626dd1636..9c2b5db2a8 100644 --- a/ext/xml/xml.c +++ b/ext/xml/xml.c @@ -257,7 +257,7 @@ PHP_MINIT_FUNCTION(xml) INIT_CLASS_ENTRY(ce, "XmlParser", class_XMLParser_methods); xml_parser_ce = zend_register_internal_class(&ce); xml_parser_ce->create_object = xml_parser_create_object; - xml_parser_ce->ce_flags |= ZEND_ACC_FINAL; + xml_parser_ce->ce_flags |= ZEND_ACC_FINAL | ZEND_ACC_NO_DYNAMIC_PROPERTIES; xml_parser_ce->serialize = zend_class_serialize_deny; xml_parser_ce->unserialize = zend_class_unserialize_deny; -- cgit v1.2.1