cataphract Thu, 30 Jun 2011 09:26:35 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=312661
Log: - Fixed bug #55082 (var_export() doesn't escape properties properly). Bug: https://bugs.php.net/55082 (Open) var_export() doesn't escape properties properly Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/var_export_basic9.phpt U php/php-src/branches/PHP_5_3/ext/standard/var.c A php/php-src/branches/PHP_5_4/ext/standard/tests/general_functions/var_export_basic9.phpt U php/php-src/branches/PHP_5_4/ext/standard/var.c A php/php-src/trunk/ext/standard/tests/general_functions/var_export_basic9.phpt U php/php-src/trunk/ext/standard/var.c Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2011-06-30 08:15:06 UTC (rev 312660) +++ php/php-src/branches/PHP_5_3/NEWS 2011-06-30 09:26:35 UTC (rev 312661) @@ -3,6 +3,8 @@ ?? ??? 2011, PHP 5.3.7 - Core: . Fixed crash in error_log(). (Felipe) Reported by Mateusz Kocielski. + . Fixed bug #55082 (var_export() doesn't escape properties properly). + (Gustavo) - DateTime extension: . Fixed bug where the DateTime object got changed while using date_diff(). Added: php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/var_export_basic9.phpt =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/var_export_basic9.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/var_export_basic9.phpt 2011-06-30 09:26:35 UTC (rev 312661) @@ -0,0 +1,11 @@ +--TEST-- +Bug #55082: var_export() doesn't escape properties properly +--FILE-- +<?php + $x = new stdClass(); + $x->{'\'\\'} = 7; + echo var_export($x); +--EXPECT-- +stdClass::__set_state(array( + '\'\\' => 7, +)) Property changes on: php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/var_export_basic9.phpt ___________________________________________________________________ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/branches/PHP_5_3/ext/standard/var.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/var.c 2011-06-30 08:15:06 UTC (rev 312660) +++ php/php-src/branches/PHP_5_3/ext/standard/var.c 2011-06-30 09:26:35 UTC (rev 312661) @@ -387,18 +387,26 @@ { int level; smart_str *buf; - char *prop_name, *class_name; level = va_arg(args, int); buf = va_arg(args, smart_str *); buffer_append_spaces(buf, level + 2); if (hash_key->nKeyLength != 0) { - zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1, &class_name, &prop_name); + char *class_name, /* ignored, but must be passed to unmangle */ + *pname, + *pname_esc; + int pname_esc_len; + + zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1, + &class_name, &pname); + pname_esc = php_addcslashes(pname, strlen(pname), &pname_esc_len, 0, + "'\\", 2 TSRMLS_CC); smart_str_appendc(buf, '\''); - smart_str_appends(buf, prop_name); + smart_str_appendl(buf, pname_esc, pname_esc_len); smart_str_appendc(buf, '\''); + efree(pname_esc); } else { smart_str_append_long(buf, hash_key->h); } Added: php/php-src/branches/PHP_5_4/ext/standard/tests/general_functions/var_export_basic9.phpt =================================================================== --- php/php-src/branches/PHP_5_4/ext/standard/tests/general_functions/var_export_basic9.phpt (rev 0) +++ php/php-src/branches/PHP_5_4/ext/standard/tests/general_functions/var_export_basic9.phpt 2011-06-30 09:26:35 UTC (rev 312661) @@ -0,0 +1,11 @@ +--TEST-- +Bug #55082: var_export() doesn't escape properties properly +--FILE-- +<?php + $x = new stdClass(); + $x->{'\'\\'} = 7; + echo var_export($x); +--EXPECT-- +stdClass::__set_state(array( + '\'\\' => 7, +)) Property changes on: php/php-src/branches/PHP_5_4/ext/standard/tests/general_functions/var_export_basic9.phpt ___________________________________________________________________ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/branches/PHP_5_4/ext/standard/var.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/standard/var.c 2011-06-30 08:15:06 UTC (rev 312660) +++ php/php-src/branches/PHP_5_4/ext/standard/var.c 2011-06-30 09:26:35 UTC (rev 312661) @@ -384,18 +384,26 @@ { int level; smart_str *buf; - char *prop_name, *class_name; level = va_arg(args, int); buf = va_arg(args, smart_str *); buffer_append_spaces(buf, level + 2); if (hash_key->nKeyLength != 0) { - zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1, &class_name, &prop_name); + char *class_name, /* ignored, but must be passed to unmangle */ + *pname, + *pname_esc; + int pname_esc_len; + + zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1, + &class_name, &pname); + pname_esc = php_addcslashes(pname, strlen(pname), &pname_esc_len, 0, + "'\\", 2 TSRMLS_CC); smart_str_appendc(buf, '\''); - smart_str_appends(buf, prop_name); + smart_str_appendl(buf, pname_esc, pname_esc_len); smart_str_appendc(buf, '\''); + efree(pname_esc); } else { smart_str_append_long(buf, (long) hash_key->h); } Added: php/php-src/trunk/ext/standard/tests/general_functions/var_export_basic9.phpt =================================================================== --- php/php-src/trunk/ext/standard/tests/general_functions/var_export_basic9.phpt (rev 0) +++ php/php-src/trunk/ext/standard/tests/general_functions/var_export_basic9.phpt 2011-06-30 09:26:35 UTC (rev 312661) @@ -0,0 +1,11 @@ +--TEST-- +Bug #55082: var_export() doesn't escape properties properly +--FILE-- +<?php + $x = new stdClass(); + $x->{'\'\\'} = 7; + echo var_export($x); +--EXPECT-- +stdClass::__set_state(array( + '\'\\' => 7, +)) Property changes on: php/php-src/trunk/ext/standard/tests/general_functions/var_export_basic9.phpt ___________________________________________________________________ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/trunk/ext/standard/var.c =================================================================== --- php/php-src/trunk/ext/standard/var.c 2011-06-30 08:15:06 UTC (rev 312660) +++ php/php-src/trunk/ext/standard/var.c 2011-06-30 09:26:35 UTC (rev 312661) @@ -384,18 +384,26 @@ { int level; smart_str *buf; - char *prop_name, *class_name; level = va_arg(args, int); buf = va_arg(args, smart_str *); buffer_append_spaces(buf, level + 2); if (hash_key->nKeyLength != 0) { - zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1, &class_name, &prop_name); + char *class_name, /* ignored, but must be passed to unmangle */ + *pname, + *pname_esc; + int pname_esc_len; + + zend_unmangle_property_name(hash_key->arKey, hash_key->nKeyLength - 1, + &class_name, &pname); + pname_esc = php_addcslashes(pname, strlen(pname), &pname_esc_len, 0, + "'\\", 2 TSRMLS_CC); smart_str_appendc(buf, '\''); - smart_str_appends(buf, prop_name); + smart_str_appendl(buf, pname_esc, pname_esc_len); smart_str_appendc(buf, '\''); + efree(pname_esc); } else { smart_str_append_long(buf, (long) hash_key->h); }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php