unserialize_ref_to_overwritten_declared_prop.phpt - OpenGrok history log for /PHP-8.2/ext/standard/tests/serialize/unserialize_ref_to_overwritten_declared

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
# adb45a63	30-Aug-2022	Máté Kocsis	Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354) * Emit deprecation warnings when adding dynamic properties to classes during unserialization - this will become a Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354) * Emit deprecation warnings when adding dynamic properties to classes during unserialization - this will become an Error in php 9.0. (Adding dynamic properties in other contexts was already a deprecation warning - the use case of unserialization was overlooked) * Throw an error when attempting to add a dynamic property to a `readonly` class when unserializing * Add new serialization methods `__serialize`/`__unserialize` for SplFixedArray to avoid creating deprecated dynamic properties that would then be added to the backing fixed-size array * Don't add named dynamic/declared properties (e.g. $obj->foo) of SplFixedArray to the backing array when unserializing * Update tests to declare properties or to expect the deprecation warning * Add news entry Co-authored-by: Tyson Andre <tysonandre775@hotmail.com> show more ... /PHP-8.2/ext/standard/tests/serialize/unserialize_ref_to_overwritten_declared_prop.phpt
# e0328473	18-Feb-2021	Nikita Popov	Initialize property to UNDEF on unserialize overwrite The UNDEF marker here is important to prevent the creation of a reference to the property currently being overwritten, which wou Initialize property to UNDEF on unserialize overwrite The UNDEF marker here is important to prevent the creation of a reference to the property currently being overwritten, which would then leak. This fixes oss-fuzz 6029559193534464, which was incorrectly merged into oss-fuzz #30584 (which is reported at https://github.com/google/oss-fuzz/issues/5211). show more ... /PHP-8.2/ext/standard/tests/serialize/unserialize_ref_to_overwritten_declared_prop.phpt

Revision

Date

Author

Comments

(<<< Hide modified files)

(Show modified files >>>)

# adb45a63

30-Aug-2022

Máté Kocsis

Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)

* Emit deprecation warnings when adding dynamic properties to classes during unserialization - this will become a

Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)

* Emit deprecation warnings when adding dynamic properties to classes during unserialization - this will become an Error in php 9.0.
(Adding dynamic properties in other contexts was already a deprecation warning - the use case of unserialization was overlooked)
* Throw an error when attempting to add a dynamic property to a `readonly` class when unserializing
* Add new serialization methods `__serialize`/`__unserialize` for SplFixedArray to avoid creating deprecated dynamic
properties that would then be added to the backing fixed-size array
* Don't add named dynamic/declared properties (e.g. $obj->foo) of SplFixedArray to the backing array when unserializing
* Update tests to declare properties or to expect the deprecation warning
* Add news entry

Co-authored-by: Tyson Andre <tysonandre775@hotmail.com>

/PHP-8.2/ext/standard/tests/serialize/unserialize_ref_to_overwritten_declared_prop.phpt

# e0328473

18-Feb-2021

Nikita Popov

Initialize property to UNDEF on unserialize overwrite

The UNDEF marker here is important to prevent the creation of
a reference to the property currently being overwritten, which
wou

Initialize property to UNDEF on unserialize overwrite

The UNDEF marker here is important to prevent the creation of
a reference to the property currently being overwritten, which
would then leak.

This fixes oss-fuzz 6029559193534464, which was incorrectly
merged into oss-fuzz #30584 (which is reported at
https://github.com/google/oss-fuzz/issues/5211).

/PHP-8.2/ext/standard/tests/serialize/unserialize_ref_to_overwritten_declared_prop.phpt