[2011-06-30 05:26 UTC] cataphract@php.net
[2011-06-30 05:27 UTC] cataphract@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: cataphract
[2011-06-30 05:27 UTC] cataphract@php.net
[2012-04-18 09:50 UTC] laruence@php.net
[2012-07-24 23:41 UTC] rasmus@php.net
[2013-11-17 09:37 UTC] laruence@php.net
Description:
------------
var_export() does escape array keys properly, but doesn't use the same code for escaping properties. This might lead to code injections (when user-input can be used for a property name and the var_export()ed code is eval()ed).

This was fixed for array keys in #19929 and #25758.

Test script:
---------------
<?php
$x = new stdClass();
$x->{'\' => 5)); echo "Hack.\n"; array(array(\''} = 5;
var_export($x);
?>

Expected result:
----------------
stdClass::__set_state(array(
   '\' => 5)); echo "Hack.\n"; array(array(\'' => 5,
))

Note the backslashes.

Actual result:
--------------
stdClass::__set_state(array(
   '' => 5)); echo "Hack.\n"; array(array('' => 5,
))
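
A check for the condition this report describes, as an added example (not code from the report or from PHP itself): it tokenizes var_export() output instead of eval()ing it and flags any statement separator that falls outside a string literal. The function name is hypothetical, and the tokenizer extension is assumed to be enabled.

```php
<?php
// Added example, not part of the bug report. The function name is hypothetical.

/**
 * True when $code tokenizes as a single expression, i.e. no statement
 * separator appears outside a string literal. Only the tokenizer is used;
 * nothing in $code is executed.
 */
function export_is_single_expression(string $code): bool
{
    foreach (token_get_all('<?php ' . $code) as $token) {
        // Single-character tokens are returned as plain strings. A bare ';'
        // means eval() would see more than one statement.
        if ($token === ';') {
            return false;
        }
        // A closing tag also terminates the current statement.
        if (is_array($token) && $token[0] === T_CLOSE_TAG) {
            return false;
        }
    }
    return true;
}

// The "Actual result" quoted in the report (output of an affected build).
$reported = <<<'TXT'
stdClass::__set_state(array(
   '' => 5)); echo "Hack.\n"; array(array('' => 5,
))
TXT;

// The same object as in the report's test script, exported by the running PHP.
$x = new stdClass();
$x->{'\' => 5)); echo "Hack.\n"; array(array(\''} = 5;
$live = var_export($x, true);

// The reported output splits into several statements; output in which the
// property name is escaped stays inside one string literal.
var_dump(export_is_single_expression($reported));
var_dump(export_is_single_expression($live));
```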