Adapted for 5.4.16

From d5248f67b58ac3107fec82c5b937fc3f4c89784a Mon Sep 17 00:00:00 2001

From: Dmitry Stogov <dmitry@zend.com>

Date: Mon, 2 Mar 2015 12:27:36 +0300

Subject: [PATCH] Check variable type before its usage as IS_ARRAY.

---

 ext/soap/soap.c | 3 ++-

 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ext/soap/soap.c b/ext/soap/soap.c

index eaa57d9..8790605 100644

--- a/ext/soap/soap.c

+++ b/ext/soap/soap.c

@@ -2879,7 +2879,8 @@ PHP_METHOD(SoapClient, __call)

 	}

 	/* Add default headers */

-	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__default_headers", sizeof("__default_headers"), (void **) &tmp)==SUCCESS) {

+	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__default_headers", sizeof("__default_headers"), (void **) &tmp)==SUCCESS &&

+	    Z_TYPE_PP(tmp) == IS_ARRAY) {

 		HashTable *default_headers = Z_ARRVAL_P(*tmp);

 		if (soap_headers) {

 			if (!free_soap_headers) {

-- 

2.1.4

From 0c136a2abd49298b66acb0cad504f0f972f5bfe8 Mon Sep 17 00:00:00 2001

From: Dmitry Stogov <dmitry@zend.com>

Date: Tue, 3 Mar 2015 09:44:46 +0300

Subject: [PATCH] Added type checks

---

 ext/soap/php_encoding.c |  9 ++++++---

 ext/soap/php_http.c     | 23 +++++++++++++++--------

 ext/soap/soap.c         | 41 +++++++++++++++++++++++++----------------

 3 files changed, 46 insertions(+), 27 deletions(-)

diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c

index 5e93b8a..fd9e367 100644

--- a/ext/soap/php_encoding.c

+++ b/ext/soap/php_encoding.c

@@ -3649,18 +3649,21 @@ static encodePtr get_array_type(xmlNodePtr node, zval *array, smart_str *type TS

 		    Z_OBJCE_PP(tmp) == soap_var_class_entry) {

 			zval **ztype;

-			if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE) {

+			if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE ||

+			    Z_TYPE_PP(ztype) != IS_LONG) {

 				soap_error0(E_ERROR,  "Encoding: SoapVar has no 'enc_type' property");

 			}

 			cur_type = Z_LVAL_PP(ztype);

-			if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_stype", sizeof("enc_stype"), (void **)&ztype) == SUCCESS) {

+			if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_stype", sizeof("enc_stype"), (void **)&ztype) == SUCCESS &&

+			    Z_TYPE_PP(ztype) == IS_STRING) {

 				cur_stype = Z_STRVAL_PP(ztype);

 			} else {

 				cur_stype = NULL;

 			}

-			if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_ns", sizeof("enc_ns"), (void **)&ztype) == SUCCESS) {

+			if (zend_hash_find(Z_OBJPROP_PP(tmp), "enc_ns", sizeof("enc_ns"), (void **)&ztype) == SUCCESS &&

+			    Z_TYPE_PP(ztype) == IS_STRING) {

 				cur_ns = Z_STRVAL_PP(ztype);

 			} else {

 				cur_ns = NULL;

diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c

index 9e74a7c..8c5082c 100644

--- a/ext/soap/php_http.c

+++ b/ext/soap/php_http.c

@@ -36,14 +36,16 @@ int proxy_authentication(zval* this_ptr, smart_str* soap_headers TSRMLS_DC)

 {

 	zval **login, **password;

-	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_login", sizeof("_proxy_login"), (void **)&login) == SUCCESS) {

+	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_login", sizeof("_proxy_login"), (void **)&login) == SUCCESS &&

+	    Z_TYPE_PP(login) == IS_STRING) {

 		unsigned char* buf;

 		int len;

 		smart_str auth = {0};

 		smart_str_appendl(&auth, Z_STRVAL_PP(login), Z_STRLEN_PP(login));

 		smart_str_appendc(&auth, ':');

-		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_password", sizeof("_proxy_password"), (void **)&password) == SUCCESS) {

+		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_proxy_password", sizeof("_proxy_password"), (void **)&password) == SUCCESS &&

+		    Z_TYPE_PP(password) == IS_STRING) {

 			smart_str_appendl(&auth, Z_STRVAL_PP(password), Z_STRLEN_PP(password));

 		}

 		smart_str_0(&auth);

@@ -64,14 +66,16 @@ int basic_authentication(zval* this_ptr, smart_str* soap_headers TSRMLS_DC)

 	zval **login, **password;

 	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_login", sizeof("_login"), (void **)&login) == SUCCESS &&

-			!zend_hash_exists(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest"))) {

+	    Z_TYPE_PP(login) == IS_STRING &&

+	    !zend_hash_exists(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest"))) {

 		unsigned char* buf;

 		int len;

 		smart_str auth = {0};

 		smart_str_appendl(&auth, Z_STRVAL_PP(login), Z_STRLEN_PP(login));

 		smart_str_appendc(&auth, ':');

-		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_password", sizeof("_password"), (void **)&password) == SUCCESS) {

+		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_password", sizeof("_password"), (void **)&password) == SUCCESS &&

+		    Z_TYPE_PP(password) == IS_STRING) {

 			smart_str_appendl(&auth, Z_STRVAL_PP(password), Z_STRLEN_PP(password));

 		}

 		smart_str_0(&auth);

@@ -509,6 +513,7 @@ try_again:

 		}

 		if (!http_1_1 ||

 			(zend_hash_find(Z_OBJPROP_P(this_ptr), "_keep_alive", sizeof("_keep_alive"), (void **)&tmp) == SUCCESS &&

+			 (Z_TYPE_PP(tmp) == IS_BOOL || Z_TYPE_PP(tmp) == IS_LONG) &&

 			 Z_LVAL_PP(tmp) == 0)) {

 			smart_str_append_const(&soap_headers, "\r\n"

 				"Connection: close\r\n");

@@ -742,7 +747,8 @@ try_again:

 		}

 		/* Send cookies along with request */

-		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS) {

+		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS &&

+		    Z_TYPE_PP(cookies) == IS_ARRAY) {

 			zval **data;

 			char *key;

 			int i, n;

@@ -785,7 +791,7 @@ try_again:

 		smart_str_append_const(&soap_headers, "\r\n");

 		smart_str_0(&soap_headers);

 		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS &&

-		    Z_LVAL_PP(trace) > 0) {

+		    (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {

 			add_property_stringl(this_ptr, "__last_request_headers", soap_headers.c, soap_headers.len, 1);

 		}

 		smart_str_appendl(&soap_headers, request, request_size);

@@ -830,7 +836,7 @@ try_again:

 		}

 		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS &&

-		    Z_LVAL_PP(trace) > 0) {

+		    (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {

 			add_property_stringl(this_ptr, "__last_response_headers", http_headers, http_header_size, 1);

 		}

@@ -879,7 +885,8 @@ try_again:

 		char *eqpos, *sempos;

 		zval **cookies;

-		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE) {

+		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE ||

+		    Z_TYPE_PP(cookies) != IS_ARRAY) {

 			zval *tmp_cookies;

 			MAKE_STD_ZVAL(tmp_cookies);

 			array_init(tmp_cookies);

diff --git a/ext/soap/soap.c b/ext/soap/soap.c

index 8790605..9ec6347 100644

--- a/ext/soap/soap.c

+++ b/ext/soap/soap.c

@@ -2549,7 +2549,7 @@ static int do_request(zval *this_ptr, xmlDoc *request, char *location, char *act

 	}

 	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS &&

-	    Z_LVAL_PP(trace) > 0) {

+	    (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {

 		add_property_stringl(this_ptr, "__last_request", buf, buf_size, 1);

 	}

@@ -2589,7 +2589,7 @@ static int do_request(zval *this_ptr, xmlDoc *request, char *location, char *act

 		}

 		ret = FALSE;

 	} else if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS &&

-	    Z_LVAL_PP(trace) > 0) {

+	           (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {

 		add_property_stringl(this_ptr, "__last_response", Z_STRVAL_P(response), Z_STRLEN_P(response), 1);

 	}

 	xmlFree(buf);

@@ -2628,13 +2628,13 @@ static void do_soap_call(zval* this_ptr,

 	SOAP_CLIENT_BEGIN_CODE();

-	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS

-		&& Z_LVAL_PP(trace) > 0) {

+	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS &&

+	    (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {

 		zend_hash_del(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request"));

 		zend_hash_del(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response"));

 	}

-	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_soap_version", sizeof("_soap_version"), (void **) &tmp) == SUCCESS

-		&& Z_LVAL_PP(tmp) == SOAP_1_2) {

+	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_soap_version", sizeof("_soap_version"), (void **) &tmp) == SUCCESS &&

+		Z_TYPE_PP(tmp) == IS_LONG && Z_LVAL_PP(tmp) == SOAP_1_2) {

 		soap_version = SOAP_1_2;

 	} else {

 		soap_version = SOAP_1_1;

@@ -2730,7 +2730,7 @@ static void do_soap_call(zval* this_ptr,

 		zval **uri;

 		smart_str action = {0};

-		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "uri", sizeof("uri"), (void *)&uri) == FAILURE) {

+		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "uri", sizeof("uri"), (void *)&uri) == FAILURE || Z_TYPE_PP(uri) != IS_STRING) {

 			add_soap_fault(this_ptr, "Client", "Error finding \"uri\" property", NULL, NULL TSRMLS_CC);

 		} else if (location == NULL) {

 			add_soap_fault(this_ptr, "Client", "Error could not find \"location\" property", NULL, NULL TSRMLS_CC);

@@ -3001,7 +3001,8 @@ PHP_METHOD(SoapClient, __getLastRequest)

 		return;

 	}

-	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request"), (void **)&tmp) == SUCCESS) {

+	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request"), (void **)&tmp) == SUCCESS &&

+	    Z_TYPE_PP(tmp) == IS_STRING) {

 		RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1);

 	}

 	RETURN_NULL();

@@ -3019,7 +3020,8 @@ PHP_METHOD(SoapClient, __getLastResponse)

 		return;

 	}

-	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response"), (void **)&tmp) == SUCCESS) {

+	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response"), (void **)&tmp) == SUCCESS &&

+	    Z_TYPE_PP(tmp) == IS_STRING) {

 		RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1);

 	}

 	RETURN_NULL();

@@ -3037,7 +3039,8 @@ PHP_METHOD(SoapClient, __getLastRequestHeaders)

 		return;

 	}

-	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request_headers", sizeof("__last_request_headers"), (void **)&tmp) == SUCCESS) {

+	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_request_headers", sizeof("__last_request_headers"), (void **)&tmp) == SUCCESS &&

+	    Z_TYPE_PP(tmp) == IS_STRING) {

 		RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1);

 	}

 	RETURN_NULL();

@@ -3055,7 +3058,8 @@ PHP_METHOD(SoapClient, __getLastResponseHeaders)

 		return;

 	}

-	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response_headers", sizeof("__last_response_headers"), (void **)&tmp) == SUCCESS) {

+	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "__last_response_headers", sizeof("__last_response_headers"), (void **)&tmp) == SUCCESS &&

+	    Z_TYPE_PP(tmp) == IS_STRING) {

 		RETURN_STRINGL(Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), 1);

 	}

 	RETURN_NULL();

@@ -3111,13 +3115,15 @@ PHP_METHOD(SoapClient, __setCookie)

 	}

 	if (val == NULL) {

-		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS) {

+		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == SUCCESS &&

+		    Z_TYPE_PP(cookies) == IS_ARRAY) {

 			zend_hash_del(Z_ARRVAL_PP(cookies), name, name_len+1);

 		}

 	} else {

 		zval *zcookie;

-		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE) {

+		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies"), (void **)&cookies) == FAILURE ||

+		    Z_TYPE_PP(cookies) != IS_ARRAY) {

 			zval *tmp_cookies;

 			MAKE_STD_ZVAL(tmp_cookies);

@@ -4166,7 +4172,8 @@ static xmlDocPtr serialize_function_call(zval *this_ptr, sdlFunctionPtr function

 			}

 		}

 	} else {

-		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "style", sizeof("style"), (void **)&zstyle) == SUCCESS) {

+		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "style", sizeof("style"), (void **)&zstyle) == SUCCESS &&

+		    Z_TYPE_PP(zstyle) == IS_LONG) {

 			style = Z_LVAL_PP(zstyle);

 		} else {

 			style = SOAP_RPC;

@@ -4189,7 +4196,7 @@ static xmlDocPtr serialize_function_call(zval *this_ptr, sdlFunctionPtr function

 		}

 		if (zend_hash_find(Z_OBJPROP_P(this_ptr), "use", sizeof("use"), (void **)&zuse) == SUCCESS &&

-			  Z_LVAL_PP(zuse) == SOAP_LITERAL) {

+		    Z_TYPE_PP(zuse) == IS_LONG && Z_LVAL_PP(zuse) == SOAP_LITERAL) {

 			use = SOAP_LITERAL;

 		} else {

 			use = SOAP_ENCODED;

@@ -4350,6 +4357,7 @@ static xmlNodePtr serialize_parameter(sdlParamPtr param, zval *param_val, int in

 		zval **param_data;

 		if (zend_hash_find(Z_OBJPROP_P(param_val), "param_name", sizeof("param_name"), (void **)&param_name) == SUCCESS &&

+		    Z_TYPE_PP(param_name) == IS_STRING &&

 		    zend_hash_find(Z_OBJPROP_P(param_val), "param_data", sizeof("param_data"), (void **)&param_data) == SUCCESS) {

 			param_val = *param_data;

 			name = Z_STRVAL_PP(param_name);

-- 

2.1.4

From c8eaca013a3922e8383def6158ece2b63f6ec483 Mon Sep 17 00:00:00 2001

From: Dmitry Stogov <dmitry@zend.com>

Date: Tue, 3 Mar 2015 10:43:48 +0300

Subject: [PATCH] Added type checks

---

 ext/soap/php_encoding.c | 21 ++++++++++++++-------

 ext/soap/soap.c         |  6 ++++--

 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c

index fd9e367..31f1f7c 100644

--- a/ext/soap/php_encoding.c

+++ b/ext/soap/php_encoding.c

@@ -404,12 +404,15 @@ static xmlNodePtr master_to_xml_int(encodePtr encode, zval *data, int style, xml

 		encodePtr enc = NULL;

 		HashTable *ht = Z_OBJPROP_P(data);

-		if (zend_hash_find(ht, "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE) {

+		if (zend_hash_find(ht, "enc_type", sizeof("enc_type"), (void **)&ztype) == FAILURE ||

+		    Z_TYPE_PP(ztype) != IS_LONG) {

 			soap_error0(E_ERROR, "Encoding: SoapVar has no 'enc_type' property");

 		}

-		if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS) {

-			if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS) {

+		if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS &&

+		    Z_TYPE_PP(zstype) == IS_STRING) {

+			if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS &&

+			    Z_TYPE_PP(zns) == IS_STRING) {

 				enc = get_encoder(SOAP_GLOBAL(sdl), Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype));

 			} else {

 				zns = NULL;

@@ -445,8 +448,10 @@ static xmlNodePtr master_to_xml_int(encodePtr encode, zval *data, int style, xml

 		}

 		if (style == SOAP_ENCODED || (SOAP_GLOBAL(sdl) && encode != enc)) {

-			if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS) {

-				if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS) {

+			if (zend_hash_find(ht, "enc_stype", sizeof("enc_stype"), (void **)&zstype) == SUCCESS &&

+			    Z_TYPE_PP(zstype) == IS_STRING) {

+				if (zend_hash_find(ht, "enc_ns", sizeof("enc_ns"), (void **)&zns) == SUCCESS &&

+				    Z_TYPE_PP(zns) == IS_STRING) {

 					set_ns_and_type_ex(node, Z_STRVAL_PP(zns), Z_STRVAL_PP(zstype));

 				} else {

 					set_ns_and_type_ex(node, NULL, Z_STRVAL_PP(zstype));

@@ -454,10 +459,12 @@ static xmlNodePtr master_to_xml_int(encodePtr encode, zval *data, int style, xml

 			}

 		}

-		if (zend_hash_find(ht, "enc_name", sizeof("enc_name"), (void **)&zname) == SUCCESS) {

+		if (zend_hash_find(ht, "enc_name", sizeof("enc_name"), (void **)&zname) == SUCCESS &&

+		    Z_TYPE_PP(zname) == IS_STRING) {

 			xmlNodeSetName(node, BAD_CAST(Z_STRVAL_PP(zname)));

 		}

-		if (zend_hash_find(ht, "enc_namens", sizeof("enc_namens"), (void **)&znamens) == SUCCESS) {

+		if (zend_hash_find(ht, "enc_namens", sizeof("enc_namens"), (void **)&znamens) == SUCCESS &&

+		    Z_TYPE_PP(zname) == IS_STRING) {

 			xmlNsPtr nsp = encode_add_ns(node, Z_STRVAL_PP(znamens));

 			xmlSetNs(node, nsp);

 		}

diff --git a/ext/soap/soap.c b/ext/soap/soap.c

index 9ec6347..d460c17 100644

--- a/ext/soap/soap.c

+++ b/ext/soap/soap.c

@@ -3915,7 +3915,8 @@ static xmlDocPtr serialize_response_call(sdlFunctionPtr function, char *function

 		}

 		if (version == SOAP_1_1) {

-			if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS) {

+			if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS &&

+			    Z_TYPE_PP(tmp) == IS_STRING) {

 				size_t new_len;

 				xmlNodePtr node = xmlNewNode(NULL, BAD_CAST("faultcode"));

 				char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC);

@@ -3940,7 +3941,8 @@ static xmlDocPtr serialize_response_call(sdlFunctionPtr function, char *function

 			}

 			detail_name = "detail";

 		} else {

-			if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS) {

+			if (zend_hash_find(prop, "faultcode", sizeof("faultcode"), (void**)&tmp) == SUCCESS &&

+			    Z_TYPE_PP(tmp) == IS_STRING) {

 				size_t new_len;

 				xmlNodePtr node = xmlNewChild(param, ns, BAD_CAST("Code"), NULL);

 				char *str = php_escape_html_entities((unsigned char*)Z_STRVAL_PP(tmp), Z_STRLEN_PP(tmp), &new_len, 0, 0, NULL TSRMLS_CC);

-- 

2.1.4

From 75f40ae1f3a7ca837d230f099627d121f9b3a32f Mon Sep 17 00:00:00 2001

From: Dmitry Stogov <dmitry@zend.com>

Date: Fri, 27 Mar 2015 18:40:58 +0300

Subject: [PATCH] Fixed bug #69293

---

 ext/soap/php_encoding.c | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c

index 31f1f7c..13be2a5 100644

--- a/ext/soap/php_encoding.c

+++ b/ext/soap/php_encoding.c

@@ -464,7 +464,7 @@ static xmlNodePtr master_to_xml_int(encodePtr encode, zval *data, int style, xml

 			xmlNodeSetName(node, BAD_CAST(Z_STRVAL_PP(zname)));

 		}

 		if (zend_hash_find(ht, "enc_namens", sizeof("enc_namens"), (void **)&znamens) == SUCCESS &&

-		    Z_TYPE_PP(zname) == IS_STRING) {

+		    Z_TYPE_PP(znamens) == IS_STRING) {

 			xmlNsPtr nsp = encode_add_ns(node, Z_STRVAL_PP(znamens));

 			xmlSetNs(node, nsp);

 		}

-- 

2.1.4

From 997b7e56302710bb3db00b56d0629ac75d73a207 Mon Sep 17 00:00:00 2001

From: Xinchen Hui <laruence@php.net>

Date: Fri, 27 Feb 2015 23:32:32 +0800

Subject: [PATCH] Fixed bug #69085 (SoapClient's __call() type confusion

 through unserialize()).

---

 NEWS                              |  4 ++++

 ext/soap/soap.c                   |  6 +++---

 ext/soap/tests/bugs/bug69085.phpt | 17 +++++++++++++++++

 3 files changed, 24 insertions(+), 3 deletions(-)

 create mode 100644 ext/soap/tests/bugs/bug69085.phpt

diff --git a/ext/soap/tests/bugs/bug69085.phpt b/ext/soap/tests/bugs/bug69085.phpt

new file mode 100644

index 0000000..cb27cfd

--- /dev/null

+++ b/ext/soap/tests/bugs/bug69085.phpt

@@ -0,0 +1,17 @@

+--TEST--

+Bug #69085 (SoapClient's __call() type confusion through unserialize())

+--SKIPIF--

+

+--INI--

+soap.wsdl_cache_enabled=0

+--FILE--

+

+

+$dummy = unserialize('O:10:"SoapClient":5:{s:3:"uri";s:1:"a";s:8:"location";s:22:"http://localhost/a.xml";s:17:"__default_headers";i:1337;s:15:"__last_response";s:1:"a";s:5:"trace";s:1:"x";}');

+try {

+	$dummy->whatever();

+} catch (Exception $e) {

+	echo "okey";

+}

+--EXPECT--

+okey

-- 

2.1.4

From ff70b40dc978f3f4c457f72a71bb43fd17ee360b Mon Sep 17 00:00:00 2001

From: Remi Collet <remi@php.net>

Date: Mon, 13 Apr 2015 14:39:11 +0200

Subject: [PATCH] fix type in fix for #69085

---

 ext/soap/soap.c | 6 +++---

 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ext/soap/soap.c b/ext/soap/soap.c

index 41aa1ad..1b8f545 100644

--- a/ext/soap/soap.c

+++ b/ext/soap/soap.c

@@ -2549,7 +2549,7 @@ static int do_request(zval *this_ptr, xmlDoc *request, char *location, char *act

 	}

 	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS &&

-	    (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {

+	    (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {

 		add_property_stringl(this_ptr, "__last_request", buf, buf_size, 1);

 	}

@@ -2589,7 +2589,7 @@ static int do_request(zval *this_ptr, xmlDoc *request, char *location, char *act

 		}

 		ret = FALSE;

 	} else if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS &&

-	           (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {

+	           (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {

 		add_property_stringl(this_ptr, "__last_response", Z_STRVAL_P(response), Z_STRLEN_P(response), 1);

 	}

 	xmlFree(buf);

@@ -2629,7 +2629,7 @@ static void do_soap_call(zval* this_ptr,

 	SOAP_CLIENT_BEGIN_CODE();

 	if (zend_hash_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace"), (void **) &trace) == SUCCESS &&

-	    (Z_LVAL_PP(trace) == IS_BOOL || Z_LVAL_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {

+	    (Z_TYPE_PP(trace) == IS_BOOL || Z_TYPE_PP(trace) == IS_LONG) && Z_LVAL_PP(trace) != 0) {

 		zend_hash_del(Z_OBJPROP_P(this_ptr), "__last_request", sizeof("__last_request"));

 		zend_hash_del(Z_OBJPROP_P(this_ptr), "__last_response", sizeof("__last_response"));

 	}

-- 

2.1.4