
Disallow serialization and unserialization

1 parent 1823b16 commit f45a0f31c8354947c0e2b9ea44a63fc0a2c23a01 @nikic nikic committed Aug 20, 2012
Showing with 72 additions and 6 deletions.
  1. +46 −0 Zend/tests/generators/errors/serialize_unserialize_error.phpt
  2. +26 −6 Zend/zend_generators.c
@@ -0,0 +1,46 @@
+--TEST--
+Generators can't be serialized or unserialized
+--FILE--
+<?php
+
+function gen() { yield; }
+
+$gen = gen();
+
+try {
+ serialize($gen);
+} catch (Exception $e) {
+ echo $e, "\n\n";
+}
+
+try {
+ var_dump(unserialize('O:9:"Generator":0:{}'));
+} catch (Exception $e) {
+ echo $e, "\n\n";
+}
+
+try {
+ var_dump(unserialize('C:9:"Generator":0:{}'));
+} catch (Exception $e) {
+ echo $e;
+}
+
+?>
+--EXPECTF--
+exception 'Exception' with message 'Serialization of 'Generator' is not allowed' in %s:%d
+Stack trace:
+#0 %s(%d): serialize(Object(Generator))
+#1 {main}
+
+exception 'Exception' with message 'Unserialization of 'Generator' is not allowed' in %s:%d
+Stack trace:
+#0 [internal function]: Generator->__wakeup()
+#1 %s(%d): unserialize('O:9:"Generator"...')
+#2 {main}
+
+
+Notice: unserialize(): Error at offset 19 of 20 bytes in %s on line %d
+exception 'Exception' with message 'Unserialization of 'Generator' is not allowed' in %s:%d
+Stack trace:
+#0 %s(%d): unserialize('C:9:"Generator"...')
+#1 {main}
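Review bot: The test exercises only a top-level Generator, so nothing here pins the behaviour when the generator is nested inside an array or an object property, which is how a serializer usually meets one (for example in session data). One more try block with `serialize(array($gen));` and the matching expected output would show that the deny handler also fires for nested values. The expected output also pins full stack traces, so any change to trace formatting will fail this test for reasons unrelated to serialization.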
@@ -590,6 +590,23 @@ ZEND_METHOD(Generator, send)
}
}
+
+/* {{{ proto void Generator::__wakeup
+ * Throws an Exception as generators can't be serialized */
+ZEND_METHOD(Generator, __wakeup)
+{
+ /* Just specifying the zend_class_unserialize_deny handler is not enough,
+ * because it is only invoked for C unserialization. For O the error has
+ * to be thrown in __wakeup. */
+
+ if (zend_parse_parameters_none() == FAILURE) {
+ return;
+ }
+
+ zend_throw_exception(NULL, "Unserialization of 'Generator' is not allowed", 0 TSRMLS_CC);
+}
+/* }}} */
+
/* get_iterator implementation */
typedef struct _zend_generator_iterator {
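Review bot: Rejecting `O:` payloads from inside `__wakeup` means the Generator object already exists by the time the exception is thrown, so the denial is only safe if the create and free handlers cope with a generator that never had execution state attached. Those handlers are outside this hunk, so this should be confirmed rather than assumed. I would record it next to the existing comment, e.g. `/* NOTE: for O: the object already exists here; the free handler must tolerate a generator that was never started. */`. The proto comment says generators "can't be serialized", whereas this method enforces `can't be unserialized`. Because the function table registers the method as public, a direct `$gen->__wakeup()` call on a live generator raises the same "Unserialization ... not allowed" message, which may deserve a line in the comment as well.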
@@ -712,12 +729,13 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_generator_send, 0, 0, 1)
ZEND_END_ARG_INFO()
static const zend_function_entry generator_functions[] = {
- ZEND_ME(Generator, rewind, arginfo_generator_void, ZEND_ACC_PUBLIC)
- ZEND_ME(Generator, valid, arginfo_generator_void, ZEND_ACC_PUBLIC)
- ZEND_ME(Generator, current, arginfo_generator_void, ZEND_ACC_PUBLIC)
- ZEND_ME(Generator, key, arginfo_generator_void, ZEND_ACC_PUBLIC)
- ZEND_ME(Generator, next, arginfo_generator_void, ZEND_ACC_PUBLIC)
- ZEND_ME(Generator, send, arginfo_generator_send, ZEND_ACC_PUBLIC)
+ ZEND_ME(Generator, rewind, arginfo_generator_void, ZEND_ACC_PUBLIC)
+ ZEND_ME(Generator, valid, arginfo_generator_void, ZEND_ACC_PUBLIC)
+ ZEND_ME(Generator, current, arginfo_generator_void, ZEND_ACC_PUBLIC)
+ ZEND_ME(Generator, key, arginfo_generator_void, ZEND_ACC_PUBLIC)
+ ZEND_ME(Generator, next, arginfo_generator_void, ZEND_ACC_PUBLIC)
+ ZEND_ME(Generator, send, arginfo_generator_send, ZEND_ACC_PUBLIC)
+ ZEND_ME(Generator, __wakeup, arginfo_generator_void, ZEND_ACC_PUBLIC)
ZEND_FE_END
};
@@ -729,6 +747,8 @@ void zend_register_generator_ce(TSRMLS_D) /* {{{ */
zend_ce_generator = zend_register_internal_class(&ce TSRMLS_CC);
zend_ce_generator->ce_flags |= ZEND_ACC_FINAL_CLASS;
zend_ce_generator->create_object = zend_generator_create;
+ zend_ce_generator->serialize = zend_class_serialize_deny;
+ zend_ce_generator->unserialize = zend_class_unserialize_deny;
/* get_iterator has to be assigned *after* implementing the inferface */
zend_class_implements(zend_ce_generator TSRMLS_CC, 1, zend_ce_iterator);
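Review bot: The two deny handlers assigned in `zend_register_generator_ce` do not cover `O:` payloads on their own, and nothing at this site says so. A maintainer who later removes `Generator::__wakeup` as redundant would reopen that path. A comment above the assignments, such as `/* serialize() and C: are denied here; O: is rejected in Generator::__wakeup */`, would tie the two pieces together. The function body starts before and continues after this hunk.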
