php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-19 05:51:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Promote warning to exception in unserialize()

Browse Source
This commit is contained in:
Máté Kocsis
2019-12-10 23:55:07 +01:00
parent f0b5d55c6f
commit 3b0a1905dd
2 changed files with 18 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
ext/standard/tests/serialize/max_depth.phpt
View File

@@ -8,8 +8,17 @@ function create_nested_data($depth, $prefix, $suffix, $inner = 'i:0;') {
}
echo "Invalid max_depth:\n";
var_dump(unserialize('i:0;', ['max_depth' => 'foo']));
var_dump(unserialize('i:0;', ['max_depth' => -1]));
try {
unserialize('i:0;', ['max_depth' => 'foo']);
} catch (TypeError $exception) {
echo $exception->getMessage() . "\n";
}
try {
unserialize('i:0;', ['max_depth' => -1]);
} catch (ValueError $exception) {
echo $exception->getMessage() . "\n";
}
echo "Array:\n";
var_dump(unserialize(
@@ -95,12 +104,8 @@ var_dump(is_array(unserialize(
?>
--EXPECTF--
Invalid max_depth:
Warning: unserialize(): max_depth should be int in %s on line %d
bool(false)
Warning: unserialize(): max_depth cannot be negative in %s on line %d
bool(false)
max_depth should be int
max_depth cannot be negative
Array:
bool(true)

12
ext/standard/var.c
View File

@@ -1003,7 +1003,7 @@ again:
if (ce != PHP_IC_ENTRY && zend_hash_str_exists(&ce->function_table, "__sleep", sizeof("__sleep")-1)) {
zval retval, tmp;
Z_ADDREF_P(struc);
ZVAL_OBJ(&tmp, Z_OBJ_P(struc));
@@ -1138,7 +1138,7 @@ PHPAPI void php_var_serialize_destroy(php_serialize_data_t d) {
}
}
/* {{{ proto string serialize(mixed variable)
/* {{{ proto string|null serialize(mixed variable)
Returns a string representation of variable (which can later be unserialized) */
PHP_FUNCTION(serialize)
{
@@ -1156,7 +1156,7 @@ PHP_FUNCTION(serialize)
if (EG(exception)) {
smart_str_free(&buf);
RETURN_FALSE;
return;
}
if (buf.s) {
@@ -1231,13 +1231,11 @@ PHP_FUNCTION(unserialize)
max_depth = zend_hash_str_find_deref(Z_ARRVAL_P(options), "max_depth", sizeof("max_depth") - 1);
if (max_depth) {
if (Z_TYPE_P(max_depth) != IS_LONG) {
php_error_docref(NULL, E_WARNING, "max_depth should be int");
RETVAL_FALSE;
zend_type_error("max_depth should be int");
goto cleanup;
}
if (Z_LVAL_P(max_depth) < 0) {
php_error_docref(NULL, E_WARNING, "max_depth cannot be negative");
RETVAL_FALSE;
zend_value_error("max_depth cannot be negative");
goto cleanup;
}