mirror of
https://github.com/phpv8/v8js.git
synced 2024-11-09 16:28:41 +00:00
Don't allow JS to overwrite protected/private properties
This commit is contained in:
Stefan Siegl
parent
170b1ff94c
commit
53cac1c524
46
tests/property_visibility-set.phpt
Normal file
46
tests/property_visibility-set.phpt
Normal file
@ -0,0 +1,46 @@
|
||||
--TEST--
|
||||
Test V8::executeString() : Property visibility - set
|
||||
--SKIPIF--
|
||||
<?php require_once(dirname(__FILE__) . '/skipif.inc'); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
|
||||
class Foo {
|
||||
private $privBar = "privBar";
|
||||
protected $protBar = "protBar";
|
||||
public $pubBar = "pubBar";
|
||||
|
||||
public function dump() {
|
||||
var_dump($this->privBar);
|
||||
var_dump($this->protBar);
|
||||
var_dump($this->pubBar);
|
||||
}
|
||||
}
|
||||
|
||||
$js = new V8Js();
|
||||
$js->foo = new Foo();
|
||||
|
||||
$script = <<<END
|
||||
|
||||
PHP.foo.privBar = 'jsPriv';
|
||||
PHP.foo.protBar = 'jsProt';
|
||||
PHP.foo.pubBar = 'jsPub';
|
||||
|
||||
var_dump(PHP.foo.privBar);
|
||||
var_dump(PHP.foo.protBar);
|
||||
var_dump(PHP.foo.pubBar);
|
||||
|
||||
END;
|
||||
|
||||
$js->executeString($script);
|
||||
$js->foo->dump();
|
||||
?>
|
||||
===EOF===
|
||||
--EXPECT--
|
||||
string(6) "jsPriv"
|
||||
string(6) "jsProt"
|
||||
string(5) "jsPub"
|
||||
string(7) "privBar"
|
||||
string(7) "protBar"
|
||||
string(5) "jsPub"
|
||||
===EOF===
|
||||
@ -658,12 +658,20 @@ static inline v8::Local<v8::Value> php_v8js_named_property_callback(v8::Local<v8
|
||||
}
|
||||
} else if (callback_type == V8JS_PROP_SETTER) {
|
||||
MAKE_STD_ZVAL(php_value);
|
||||
if (v8js_to_zval(set_value, php_value, 0, isolate TSRMLS_CC) == SUCCESS) {
|
||||
zend_update_property(scope, object, V8JS_CONST name, name_len, php_value TSRMLS_CC);
|
||||
ret_value = set_value;
|
||||
} else {
|
||||
if (v8js_to_zval(set_value, php_value, 0, isolate TSRMLS_CC) != SUCCESS) {
|
||||
ret_value = v8::Handle<v8::Value>();
|
||||
}
|
||||
else {
|
||||
zval zname;
|
||||
ZVAL_STRINGL(&zname, name, name_len, 0);
|
||||
zend_property_info *property_info = zend_get_property_info(ce, &zname, 1 TSRMLS_CC);
|
||||
|
||||
if(property_info && property_info->flags & ZEND_ACC_PUBLIC) {
|
||||
zend_update_property(scope, object, V8JS_CONST name, name_len, php_value TSRMLS_CC);
|
||||
ret_value = set_value;
|
||||
}
|
||||
}
|
||||
|
||||
// if PHP wanted to hold on to this value, update_property would
|
||||
// have bumped the refcount
|
||||
zval_ptr_dtor(&php_value);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user