Add fix for 2011-3379 from r317183 from PHP's repository.

Bump PKGREVISION.

1 files changed, 29 insertions, 0 deletions

diff --git a/lang/php53/patches/patch-Zend_zend__builtin__functions.c b/lang/php53/patches/patch-Zend_zend__builtin__functions.c
new file mode 100644
index 00000000000..8b5089bca1a
--- /dev/null
+++ b/lang/php53/patches/patch-Zend_zend__builtin__functions.c
@@ -0,0 +1,29 @@
+$NetBSD: patch-Zend_zend__builtin__functions.c,v 1.1 2011/10/20 13:32:20 taca Exp $
+
+* Fix for 2011-3379 from r317183 from PHP's repository.
+
+--- Zend/zend_builtin_functions.c.orig	2011-08-08 14:54:50.000000000 +0000
++++ Zend/zend_builtin_functions.c
+@@ -816,13 +816,19 @@ static void is_a_impl(INTERNAL_FUNCTION_
+ 	int class_name_len;
+ 	zend_class_entry *instance_ce;
+ 	zend_class_entry **ce;
++	zend_bool allow_string = only_subclass;
+ 	zend_bool retval;
+ 
+-	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs", &obj, &class_name, &class_name_len) == FAILURE) {
++	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs|b", &obj, &class_name, &class_name_len, &allow_string) == FAILURE) {
+ 		return;
+ 	}
+-	
+-	if (Z_TYPE_P(obj) == IS_STRING) {
++	/*
++	   allow_string - is_a default is no, is_subclass_of is yes. 
++	   if it's allowed, then the autoloader will be called if the class does not exist.
++	   default behaviour is different, as 'is_a' usage is normally to test mixed return values 
++	*/
++
++	if (allow_string && Z_TYPE_P(obj) == IS_STRING) {
+ 		zend_class_entry **the_ce;
+ 		if (zend_lookup_class(Z_STRVAL_P(obj), Z_STRLEN_P(obj), &the_ce TSRMLS_CC) == FAILURE) {
+ 			RETURN_FALSE;