PHPC-393: Ignore non-public properties when encoding BSON

Author: jmikola

src/bson.c

@@ -774,12 +774,28 @@ void phongo_bson_append(bson_t *bson, php_phongo_bson_flags_t flags, const char
 	}
 }
 
+static bool is_public_property(zend_class_entry *ce, const char *prop_name, int prop_name_len TSRMLS_DC) /* {{{ */
+{
+	zend_property_info *property_info;
+	zval member;
+
+	ZVAL_STRINGL(&member, prop_name, prop_name_len, 0);
+	property_info = zend_get_property_info(ce, &member, 1 TSRMLS_CC);
+
+	return (property_info && (property_info->flags & ZEND_ACC_PUBLIC));
+}
+/* }}} */
+
 PHONGO_API void zval_to_bson(zval *data, php_phongo_bson_flags_t flags, bson_t *bson, bson_t **bson_out TSRMLS_DC) /* {{{ */
 {
 	HashPosition pos;
 	HashTable   *ht_data = NULL;
 	zval        *obj_data = NULL;
 
+	/* If we will be encoding a class that may contain protected and private
+	 * properties, we'll need to filter them out later. */
+	bool         ht_data_from_properties = false;
+
 	switch(Z_TYPE_P(data)) {
 		case IS_OBJECT:
 			if (instanceof_function(Z_OBJCE_P(data), php_phongo_serializable_ce TSRMLS_CC)) {
@@ -813,7 +829,10 @@ PHONGO_API void zval_to_bson(zval *data, php_phongo_bson_flags_t flags, bson_t *
 
 				break;
 			}
-			/* break intentionally omitted */
+
+			ht_data = Z_OBJ_HT_P(data)->get_properties(data TSRMLS_CC);
+			ht_data_from_properties = true;
+			break;
 
 		case IS_ARRAY:
 			ht_data = HASH_OF(data);
@@ -850,11 +869,16 @@ PHONGO_API void zval_to_bson(zval *data, php_phongo_bson_flags_t flags, bson_t *
 		}
 
 		if (hash_type == HASH_KEY_IS_STRING) {
-			if (Z_TYPE_P(data) == IS_OBJECT) {
+			if (ht_data_from_properties) {
 				const char *class_name;
 
 				zend_unmangle_property_name(key, key_len-1, &class_name, (const char **)&key);
 				key_len = strlen(key);
+
+				/* Ignore non-public properties */
+				if (!is_public_property(Z_OBJCE_P(data), key, key_len TSRMLS_CC)) {
+					continue;
+				}
 			} else {
 				/* Chop off the \0 from string lengths */
 				key_len -= 1;

tests/bson/bson-fromPHP-002.phpt

@@ -24,7 +24,6 @@ hex_dump($s);
 ===DONE===
 <?php exit(0); ?>
 --EXPECT--
-Test { "foo" : 1, "bar" : 2, "baz" : 3 }
-     0 : 20 00 00 00 10 66 6f 6f 00 01 00 00 00 10 62 61  [ ....foo......ba]
-    10 : 72 00 02 00 00 00 10 62 61 7a 00 03 00 00 00 00  [r......baz......]
+Test { "baz" : 3 }
+     0 : 0e 00 00 00 10 62 61 7a 00 03 00 00 00 00        [.....baz......]
 ===DONE===

tests/bson/bson-fromPHP-003.phpt

@@ -37,12 +37,10 @@ Test { "0" : { "$date" : 1416445411987 } }
      0 : 10 00 00 00 09 30 00 93 c2 b9 ca 49 01 00 00 00  [.....0.....I....]
 Test { "x" : { "$date" : 1416445411987 } }
      0 : 10 00 00 00 09 78 00 93 c2 b9 ca 49 01 00 00 00  [.....x.....I....]
-Test { "0" : { "foo" : 1, "bar" : 2, "baz" : 3 } }
-     0 : 28 00 00 00 03 30 00 20 00 00 00 10 66 6f 6f 00  [(....0. ....foo.]
-    10 : 01 00 00 00 10 62 61 72 00 02 00 00 00 10 62 61  [.....bar......ba]
-    20 : 7a 00 03 00 00 00 00 00                          [z.......]
-Test { "x" : { "foo" : 1, "bar" : 2, "baz" : 3 } }
-     0 : 28 00 00 00 03 78 00 20 00 00 00 10 66 6f 6f 00  [(....x. ....foo.]
-    10 : 01 00 00 00 10 62 61 72 00 02 00 00 00 10 62 61  [.....bar......ba]
-    20 : 7a 00 03 00 00 00 00 00                          [z.......]
+Test { "0" : { "baz" : 3 } }
+     0 : 16 00 00 00 03 30 00 0e 00 00 00 10 62 61 7a 00  [.....0......baz.]
+    10 : 03 00 00 00 00 00                                [......]
+Test { "x" : { "baz" : 3 } }
+     0 : 16 00 00 00 03 78 00 0e 00 00 00 10 62 61 7a 00  [.....x......baz.]
+    10 : 03 00 00 00 00 00                                [......]
 ===DONE===