Ensure the internal properties cannot be overwritten

duncan3dc · duncan3dc · commit 800bd977c22b · 2019-05-28T19:40:23.000+01:00
diff --git a/ext/date/php_date.c b/ext/date/php_date.c
@@ -5310,12 +5310,35 @@ PHP_METHOD(DatePeriod, __wakeup)
 }
 /* }}} */
 
+/* {{{ date_period_magic_property
+ *  Common for date_period_read_property() and date_period_write_property() functions
+ */
+static int date_period_is_magic_property(zend_string *name)
+{
+	if (zend_string_equals_literal(name, "recurrences")
+		|| zend_string_equals_literal(name, "include_start_date")
+		|| zend_string_equals_literal(name, "start")
+		|| zend_string_equals_literal(name, "current")
+		|| zend_string_equals_literal(name, "end")
+		|| zend_string_equals_literal(name, "interval")
+	) {
+		return 1;
+	}
+	return 0;
+}
+/* }}} */
+
 /* {{{ date_period_read_property */
 static zval *date_period_read_property(zval *object, zval *member, int type, void **cache_slot, zval *rv)
 {
 	if (type != BP_VAR_IS && type != BP_VAR_R) {
-		zend_throw_error(NULL, "Retrieval of DatePeriod properties for modification is unsupported");
-		return &EG(uninitialized_zval);
+		zend_string *name = zval_get_string(member);
+		if (date_period_is_magic_property(name)) {
+			zend_throw_error(NULL, "Retrieval of DatePeriod->%s for modification is unsupported", ZSTR_VAL(name));
+			zend_string_release(name);
+			return &EG(uninitialized_zval);
+		}
+		zend_string_release(name);
 	}
 
 	Z_OBJPROP_P(object); /* build properties hash table */
@@ -5327,7 +5350,15 @@ static zval *date_period_read_property(zval *object, zval *member, int type, voi
 /* {{{ date_period_write_property */
 static void date_period_write_property(zval *object, zval *member, zval *value, void **cache_slot)
 {
-	zend_throw_error(NULL, "Writing to DatePeriod properties is unsupported");
+	zend_string *name = zval_get_string(member);
+	if (date_period_is_magic_property(name)) {
+		zend_throw_error(NULL, "Writing to DatePeriod->%s is unsupported", ZSTR_VAL(name));
+		zend_string_release(name);
+		return;
+	}
+	zend_string_release(name);
+
+	std_object_handlers.write_property(object, member, value, cache_slot);
 }
 /* }}} */
 
diff --git a/ext/date/tests/DatePeriod_properties2.phpt b/ext/date/tests/DatePeriod_properties2.phpt
@@ -0,0 +1,46 @@
+--TEST--
+DatePeriod: Test cannot modify read only properties
+--INI--
+date.timezone=UTC
+--FILE--
+<?php
+
+$period = new DatePeriod(new DateTime, new DateInterval('P1D'), new DateTime);
+
+$properties = [
+    "recurrences",
+    "include_start_date",
+    "start",
+    "current",
+    "end",
+    "interval",
+];
+
+foreach ($properties as $property) {
+    try {
+        $period->$property = "new";
+    } catch (Error $e) {
+        echo $e->getMessage() . "\n";
+    }
+
+    try {
+        $period->$property[] = "extra";
+    } catch (Error $e) {
+        echo $e->getMessage() . "\n";
+    }
+}
+
+?>
+--EXPECT--
+Writing to DatePeriod->recurrences is unsupported
+Retrieval of DatePeriod->recurrences for modification is unsupported
+Writing to DatePeriod->include_start_date is unsupported
+Retrieval of DatePeriod->include_start_date for modification is unsupported
+Writing to DatePeriod->start is unsupported
+Retrieval of DatePeriod->start for modification is unsupported
+Writing to DatePeriod->current is unsupported
+Retrieval of DatePeriod->current for modification is unsupported
+Writing to DatePeriod->end is unsupported
+Retrieval of DatePeriod->end for modification is unsupported
+Writing to DatePeriod->interval is unsupported
+Retrieval of DatePeriod->interval for modification is unsupported
