mirror of
https://github.com/php/php-src.git
synced 2026-04-04 22:52:40 +02:00
* Emit deprecation warnings when adding dynamic properties to classes during unserialization - this will become an Error in PHP 9.0. (Adding dynamic properties in other contexts was already a deprecation warning - the use case of unserialization was overlooked)
* Throw an error when attempting to add a dynamic property to a `readonly` class when unserializing
* Add new serialization methods `__serialize`/`__unserialize` for SplFixedArray to avoid creating deprecated dynamic properties that would then be added to the backing fixed-size array
* Don't add named dynamic/declared properties (e.g. $obj->foo) of SplFixedArray to the backing array when unserializing
* Update tests to declare properties or to expect the deprecation warning
* Add news entry

Co-authored-by: Tyson Andre <tysonandre775@hotmail.com>
20 lines
549 B
PHP
--TEST--
SPL: Bug #70155 Use After Free Vulnerability in unserialize() with SPLArrayObject
--FILE--
<?php
$inner = 'x:i:0;O:12:"DateInterval":1:{s:1:"y";i:3;};m:a:1:{i:0;R:2;}';
$exploit = 'C:11:"ArrayObject":'.strlen($inner).':{'.$inner.'}';
$data = unserialize($exploit);

var_dump($data);
?>
--EXPECTF--
Deprecated: Creation of dynamic property ArrayObject::$0 is deprecated in %s on line %d

Fatal error: Uncaught InvalidArgumentException: Overloaded object of type DateInterval is not compatible with ArrayObject in %s
Stack trace:
%s
%s
%s
%s
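
The behaviour described in the commit message, shown on user-defined classes. This is an added example, not part of php-src or of this test: the class names `Plain` and `Strict`, the helper `strictUnserialize()`, the payloads, and the use of `allowed_classes` are all constructed for illustration. It contrasts a class that lets `unserialize()` create a dynamic property with one that validates its payload in `__unserialize()`, and treats the deprecation as a reason to reject the input.

```php
<?php
// Added example: class names and payloads are constructed for illustration.

// No __unserialize(): an undeclared payload key becomes a dynamic property,
// which is the case that raises the deprecation during unserialize().
class Plain
{
    public string $user = '';
}

// With __unserialize() the class receives the payload as an array and can
// reject unknown keys itself, so no dynamic property is created.
final class Strict
{
    public string $user = '';

    public function __unserialize(array $data): void
    {
        if (array_keys($data) !== ['user'] || !is_string($data['user'])) {
            throw new UnexpectedValueException('Rejected serialized Strict payload');
        }
        $this->user = $data['user'];
    }
}

// Fail closed: promote the deprecation to an exception while unserializing.
function strictUnserialize(string $payload): mixed
{
    set_error_handler(static function (int $no, string $msg, string $file, int $line) {
        throw new ErrorException($msg, 0, $no, $file, $line);
    }, E_DEPRECATED);
    try {
        return unserialize($payload, ['allowed_classes' => [Plain::class, Strict::class]]);
    } finally {
        restore_error_handler();
    }
}

$payloads = [
    'O:5:"Plain":2:{s:4:"user";s:1:"a";s:5:"admin";b:1;}',  // extra key, no __unserialize()
    'O:6:"Strict":2:{s:4:"user";s:1:"a";s:5:"admin";b:1;}', // extra key, rejected by the class
    'O:6:"Strict":1:{s:4:"user";s:1:"a";}',                 // only the declared key
];
foreach ($payloads as $payload) {
    try {
        var_dump(strictUnserialize($payload));
    } catch (Throwable $e) {
        echo get_class($e), ': ', $e->getMessage(), "\n";
    }
}
```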