archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Add flag to forbid dynamic property creation on internal classes

Browse source 
While performing resource -> object migrations, we're adding
defensive classes that are final, non-serializable and non-clonable
(unless they are, of course). This path adds a ZEND_ACC_NO_DYNAMIC_PROPERTIES
flag, that also forbids the creation of dynamic properties on these objects.
This is a subset of #3931 and targeted at internal usage only
(though may be extended to userland at some point in the future).

It's already possible to achieve this (what the removed
WeakRef/WeakMap code does), but there's some caveats: First, this
simple approach is only possible if the class has no declared
properties, otherwise it's necessary to special-case those
properties. Second, it's easy to make it overly strict, e.g. by
forbidding isset($obj->prop) as well. And finally, it requires a
lot of boilerplate code for each class.

Closes GH-5572.
This commit is contained in:
Nikita Popov 2020-05-14 11:51:36 +02:00
parent 2a28589c7d
commit 653e4ea1c5
13 changed files with 53 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

2
ext/xml/xml.c
View file

@ -257,7 +257,7 @@ PHP_MINIT_FUNCTION(xml)
INIT_CLASS_ENTRY(ce, "XmlParser", class_XMLParser_methods);
xml_parser_ce = zend_register_internal_class(&ce);
xml_parser_ce->create_object = xml_parser_create_object;
xml_parser_ce->ce_flags |= ZEND_ACC_FINAL;
xml_parser_ce->ce_flags |= ZEND_ACC_FINAL | ZEND_ACC_NO_DYNAMIC_PROPERTIES;
xml_parser_ce->serialize = zend_class_serialize_deny;
xml_parser_ce->unserialize = zend_class_unserialize_deny;