Switch PDO to use serialize_deny

nikic · nikic · commit 6e4b20269449 · 2018-11-26T13:28:14.000+01:00
And remove dummy __sleep/__wakeup. This switches the thrown
exception type from PDOException to Exception.
diff --git a/UPGRADING b/UPGRADING
@@ -31,6 +31,11 @@ PHP 7.4 UPGRADE NOTES
   . The default parameter value of idn_to_ascii() and idn_to_utf8() is now
     INTL_IDNA_VARIANT_UTS46 instead of the deprecated INTL_IDNA_VARIANT_2003.
 
+- PDO:
+  . Attempting to serialize a PDO instance will now generate an Exception
+    rather than a PDOException, consistent with other internal classes which
+    do not support serialization.
+
 - Reflection:
   . Reflection objects will now generate an exception if an attempt is made
     to serialize them. Serialization for reflection objects was never
diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c
@@ -33,6 +33,7 @@
 #include "zend_exceptions.h"
 #include "zend_object_handlers.h"
 #include "zend_hash.h"
+#include "zend_interfaces.h"
 
 static int pdo_dbh_attribute_set(pdo_dbh_t *dbh, zend_long attr, zval *value);
 
@@ -1153,22 +1154,6 @@ static PHP_METHOD(PDO, quote)
 }
 /* }}} */
 
-/* {{{ proto PDO::__wakeup()
-   Prevents use of a PDO instance that has been unserialized */
-static PHP_METHOD(PDO, __wakeup)
-{
-	zend_throw_exception_ex(php_pdo_get_exception(), 0, "You cannot serialize or unserialize PDO instances");
-}
-/* }}} */
-
-/* {{{ proto int PDO::__sleep()
-   Prevents serialization of a PDO instance */
-static PHP_METHOD(PDO, __sleep)
-{
-	zend_throw_exception_ex(php_pdo_get_exception(), 0, "You cannot serialize or unserialize PDO instances");
-}
-/* }}} */
-
 /* {{{ proto array PDO::getAvailableDrivers()
    Return array of available PDO drivers */
 static PHP_METHOD(PDO, getAvailableDrivers)
@@ -1241,8 +1226,6 @@ const zend_function_entry pdo_dbh_functions[] = /* {{{ */ {
 	PHP_ME(PDO, errorInfo,              arginfo_pdo__void,         ZEND_ACC_PUBLIC)
 	PHP_ME(PDO, getAttribute,	arginfo_pdo_getattribute,	ZEND_ACC_PUBLIC)
 	PHP_ME(PDO, quote,			arginfo_pdo_quote,		ZEND_ACC_PUBLIC)
-	PHP_ME(PDO, __wakeup,               arginfo_pdo__void,         ZEND_ACC_PUBLIC|ZEND_ACC_FINAL)
-	PHP_ME(PDO, __sleep,                arginfo_pdo__void,         ZEND_ACC_PUBLIC|ZEND_ACC_FINAL)
 	PHP_ME(PDO, getAvailableDrivers,    arginfo_pdo__void,         ZEND_ACC_PUBLIC|ZEND_ACC_STATIC)
 	PHP_FE_END
 };
@@ -1384,6 +1367,8 @@ void pdo_dbh_init(void)
 	INIT_CLASS_ENTRY(ce, "PDO", pdo_dbh_functions);
 	pdo_dbh_ce = zend_register_internal_class(&ce);
 	pdo_dbh_ce->create_object = pdo_dbh_new;
+	pdo_dbh_ce->serialize = zend_class_serialize_deny;
+	pdo_dbh_ce->unserialize = zend_class_unserialize_deny;
 
 	memcpy(&pdo_dbh_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
 	pdo_dbh_object_handlers.offset = XtOffsetOf(pdo_dbh_object_t, std);
diff --git a/ext/pdo/tests/pecl_bug_5217.phpt b/ext/pdo/tests/pecl_bug_5217.phpt
@@ -25,5 +25,5 @@ try {
 echo "PHP Didn't crash!\n";
 ?>
 --EXPECT--
-Safely caught You cannot serialize or unserialize PDO instances
+Safely caught Serialization of 'PDO' is not allowed
 PHP Didn't crash!
diff --git a/ext/pdo_mysql/tests/pdo_mysql_interface.phpt b/ext/pdo_mysql/tests/pdo_mysql_interface.phpt
@@ -29,8 +29,6 @@ if (false == MySQLPDOTest::detect_transactional_mysql_engine($db))
 		'getAttribute'							=> true,
 		'quote'								=> true,
 		'inTransaction'							=> true,
-		'__wakeup'							=> true,
-		'__sleep'							=> true,
 		'getAvailableDrivers'	=> true,
 	);
 	$classname = get_class($db);
