diff options
Diffstat (limited to 'ext/standard/var_unserializer.re')
| -rw-r--r-- | ext/standard/var_unserializer.re | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index b3f5d29ca..9a9c69333 100644 --- a/ext/standard/var_unserializer.re +++ b/ext/standard/var_unserializer.re @@ -21,6 +21,7 @@ #include "php.h" #include "ext/standard/php_var.h" #include "php_incomplete_class.h" +#include "Zend/zend_interfaces.h" /* {{{ reference-handling for unserializer: var_* */ #define VAR_ENTRIES_MAX 1024 @@ -400,7 +401,11 @@ static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce) (*p) += 2; - if (ce->serialize == NULL) { + /* The internal class check here is a BC fix only, userspace classes implementing the + Serializable interface have eventually an inconsistent behavior at this place when + unserialized from a manipulated string. Additionaly the interal classes can possibly + crash PHP so they're still disabled here. */ + if (ce->serialize == NULL || ce->unserialize == zend_user_unserialize || (ZEND_INTERNAL_CLASS != ce->type && ce->create_object == NULL)) { object_init_ex(*rval, ce); } else { /* If this class implements Serializable, it should not land here but in object_custom(). The passed string |