ext/soap: Deprecate passing an int to SoapServer::addFunction() (#15310)

Also deprecate SOAP_FUNCTIONS_ALL constant. RFC: https://wiki.php.net/rfc/deprecations_php_8_4#deprecate_soap_functions_all_constant_and_passing_it_to_soapserveraddfunction
2024-11-23 18:04:36 +08:00 · 2024-08-09 17:41:02 +01:00 · 2024-08-09 17:41:02 +01:00 · 42497c1ea5
commit 42497c1ea5
parent cbcad9fdaf
6 changed files with 26 additions and 3 deletions
--- a/6
+++ b/6
@ -45,6 +45,12 @@ PHP                                                                        NEWS
  . INI settings session.sid_length and session.sid_bits_per_character are now
    deprecated. (timwolla)

+- SOAP:
+  . Passing an int to SoapServer::addFunction() is now deprecated.
+    If all PHP functions need to be provided flatten the array returned by
+    get_defined_functions(). (Girgias)
+  . The SOAP_FUNCTIONS_ALL constant is now deprecated. (Girgias)
+
 - SPL:
  . The SplFixedArray::__wakeup() method has been deprecated as it implements
    __serialize() and __unserialize() which need to be overwritten instead.
--- a/8
+++ b/8
@ -473,6 +473,14 @@ PHP 8.4 UPGRADE NOTES
    hexadecimal session IDs and stop changing these two INI settings.
    RFC: https://wiki.php.net/rfc/deprecations_php_8_4

+- SOAP:
+  . Passing an int to SoapServer::addFunction() is now deprecated.
+    If all PHP functions need to be provided flatten the array returned by
+    get_defined_functions().
+    RFC: https://wiki.php.net/rfc/deprecations_php_8_4#deprecate_soap_functions_all_constant_and_passing_it_to_soapserveraddfunction
+  . The SOAP_FUNCTIONS_ALL constant is now deprecated.
+    RFC: https://wiki.php.net/rfc/deprecations_php_8_4#deprecate_soap_functions_all_constant_and_passing_it_to_soapserveraddfunction
+
 - SPL:
  . The SplFixedArray::__wakeup() method has been deprecated as it implements
    __serialize() and __unserialize() which need to be overwritten instead.
--- a/ext/soap/soap.c
+++ b/ext/soap/soap.c
@ -1206,6 +1206,11 @@ PHP_METHOD(SoapServer, addFunction)
 		zend_string_release_ex(key, 0);
 	} else if (Z_TYPE_P(function_name) == IS_LONG) {
 		if (Z_LVAL_P(function_name) == SOAP_FUNCTIONS_ALL) {
+			php_error_docref(NULL, E_DEPRECATED, "Enabling all functions via SOAP_FUNCTIONS_ALL is deprecated since 8.4, due to possible security concerns."
+				" If all PHP functions should be enabled, the flattened return value of get_defined_functions() can be used");
+			if (UNEXPECTED(EG(exception))) {
+				RETURN_THROWS();
+			}
 			if (service->soap_functions.ft != NULL) {
 				zend_hash_destroy(service->soap_functions.ft);
 				efree(service->soap_functions.ft);
--- a/ext/soap/soap.stub.php
+++ b/ext/soap/soap.stub.php
@ -44,6 +44,7 @@ namespace {
    /**
     * @var int
     * @cvalue SOAP_FUNCTIONS_ALL
+     * @deprecated since 8.4
     */
    const SOAP_FUNCTIONS_ALL = UNKNOWN;

--- a/ext/soap/soap_arginfo.h
+++ b/ext/soap/soap_arginfo.h
@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 81d0b54b93829f3cd4b12731f6b6ae140b06a0f1 */
+ * Stub hash: 66221c42416635403ee6d49c12884e94073b67f2 */

 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_use_soap_error_handler, 0, 0, _IS_BOOL, 0)
 	ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, enable, _IS_BOOL, 0, "true")
@ -239,7 +239,7 @@ static void register_soap_symbols(int module_number)
 	REGISTER_LONG_CONSTANT("SOAP_1_2", SOAP_1_2, CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("SOAP_PERSISTENCE_SESSION", SOAP_PERSISTENCE_SESSION, CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("SOAP_PERSISTENCE_REQUEST", SOAP_PERSISTENCE_REQUEST, CONST_PERSISTENT);
-	REGISTER_LONG_CONSTANT("SOAP_FUNCTIONS_ALL", SOAP_FUNCTIONS_ALL, CONST_PERSISTENT);
+	REGISTER_LONG_CONSTANT("SOAP_FUNCTIONS_ALL", SOAP_FUNCTIONS_ALL, CONST_PERSISTENT | CONST_DEPRECATED);
 	REGISTER_LONG_CONSTANT("SOAP_ENCODED", SOAP_ENCODED, CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("SOAP_LITERAL", SOAP_LITERAL, CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("SOAP_RPC", SOAP_RPC, CONST_PERSISTENT);
--- a/ext/soap/tests/server003.phpt
+++ b/ext/soap/tests/server003.phpt
@ -26,7 +26,10 @@ EOF;
 $server->handle($HTTP_RAW_POST_DATA);
 echo "ok\n";
 ?>
--EXPECT--
+--EXPECTF--
+Deprecated: Constant SOAP_FUNCTIONS_ALL is deprecated in %s on line %d
+
+Deprecated: SoapServer::addFunction(): Enabling all functions via SOAP_FUNCTIONS_ALL is deprecated since 8.4, due to possible security concerns. If all PHP functions should be enabled, the flattened return value of get_defined_functions() can be used in %s on line %d
 <?xml version="1.0" encoding="UTF-8"?>
 <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://testuri.org" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><ns1:strlenResponse><return xsi:type="xsd:int">11</return></ns1:strlenResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>
 ok