Fix bug #62397 - disable_functions does not work with eval.

2025-08-16 05:58:45 +02:00 · 2019-04-28 17:30:09 +02:00 · 2019-04-28 17:30:09 +02:00 · 050d299364
commit 050d299364
parent f1a53501e6
2 changed files with 26 additions and 0 deletions
--- a/Zend/tests/errmsg_046.phpt
+++ b/Zend/tests/errmsg_046.phpt
@ -0,0 +1,14 @@
+--TEST--
+errmsg: disabled eval function
+--INI--
+disable_functions=eval
+--FILE--
+<?php
+
+eval('echo "Eval";');
+
+echo "Done\n";
+?>
+--EXPECTF--
+Warning: eval() has been disabled for security reasons in %s on line %d
+Done
--- a/Zend/zend_API.c
+++ b/Zend/zend_API.c
@ -2757,6 +2757,12 @@ ZEND_API int zend_set_hash_symbol(zval *symbol, const char *name, int name_lengt

 /* Disabled functions support */

+zend_op_array *display_disabled_compile_string(zval *source_string, char *filename)
+{
+	zend_error(E_WARNING, "eval() has been disabled for security reasons");
+	return NULL;
+}
+
 /* {{{ proto void display_disabled_function(void)
 Dummy function which displays an error when a disabled function is called. */
 ZEND_API ZEND_FUNCTION(display_disabled_function)
@ -2768,6 +2774,12 @@ ZEND_API ZEND_FUNCTION(display_disabled_function)
 ZEND_API int zend_disable_function(char *function_name, size_t function_name_length) /* {{{ */
 {
 	zend_internal_function *func;
+
+	if (strcmp(function_name, "eval") == 0) {
+		zend_compile_string = display_disabled_compile_string;
+		return SUCCESS;
+	}
+
 	if ((func = zend_hash_str_find_ptr(CG(function_table), function_name, function_name_length))) {
 	    func->fn_flags &= ~(ZEND_ACC_VARIADIC | ZEND_ACC_HAS_TYPE_HINTS);
 		func->num_args = 0;