[1.2.3] Hardening fixes

ext/cli/console.c

@@ -351,6 +351,8 @@ PHP_METHOD(Phalcon_CLI_Console, handle){
 
 	PHALCON_INIT_VAR(dispatcher);
 	phalcon_call_method_p1(dispatcher, dependency_injector, "getshared", service);
+	PHALCON_VERIFY_INTERFACE(dispatcher, phalcon_dispatcherinterface_ce);
+
 	phalcon_call_method_p1_noret(dispatcher, "settaskname", task_name);
 	phalcon_call_method_p1_noret(dispatcher, "setactionname", action_name);
 	phalcon_call_method_p1_noret(dispatcher, "setparams", params);

ext/cli/dispatcher.c

@@ -74,6 +74,8 @@ PHALCON_INIT_CLASS(Phalcon_CLI_Dispatcher){
 	zend_declare_property_string(phalcon_cli_dispatcher_ce, SL("_defaultHandler"), "main", ZEND_ACC_PROTECTED TSRMLS_CC);
 	zend_declare_property_string(phalcon_cli_dispatcher_ce, SL("_defaultAction"), "main", ZEND_ACC_PROTECTED TSRMLS_CC);
 
+	zend_class_implements(phalcon_cli_dispatcher_ce TSRMLS_CC, 1, phalcon_dispatcherinterface_ce);
+
 	return SUCCESS;
 }
 

ext/dispatcher.c

@@ -383,6 +383,7 @@ PHP_METHOD(Phalcon_Dispatcher, getParam){
 
 			PHALCON_INIT_VAR(filter);
 			phalcon_call_method_p1(filter, dependency_injector, "getshared", service);
+			PHALCON_VERIFY_INTERFACE(filter, phalcon_filterinterface_ce);
 			phalcon_call_method_p2(return_value, filter, "sanitize", param_value, filters);
 			RETURN_MM();
 		} else {

ext/flash/session.c

@@ -113,6 +113,7 @@ PHP_METHOD(Phalcon_Flash_Session, _getSessionMessages){
 
 	PHALCON_INIT_VAR(session);
 	phalcon_call_method_p1(session, dependency_injector, "getshared", service);
+	PHALCON_VERIFY_INTERFACE(session, phalcon_session_adapterinterface_ce);
 
 	PHALCON_INIT_VAR(index_name);
 	ZVAL_STRING(index_name, "_flashMessages", 1);
@@ -152,6 +153,7 @@ PHP_METHOD(Phalcon_Flash_Session, _setSessionMessages){
 
 	PHALCON_INIT_VAR(session);
 	phalcon_call_method_p1(session, dependency_injector, "getshared", service);
+	PHALCON_VERIFY_INTERFACE(session, phalcon_session_adapterinterface_ce);
 
 	PHALCON_INIT_VAR(index_name);
 	ZVAL_STRING(index_name, "_flashMessages", 1);

ext/forms/form.c

@@ -346,6 +346,7 @@ PHP_METHOD(Phalcon_Forms_Form, bind){
 
 				PHALCON_INIT_NVAR(filter);
 				phalcon_call_method_p1(filter, dependency_injector, "getshared", service_name);
+				PHALCON_VERIFY_INTERFACE(filter, phalcon_filterinterface_ce);
 			}
 
 			/** 

ext/http/cookie.c

@@ -242,6 +242,7 @@ PHP_METHOD(Phalcon_Http_Cookie, getValue){
 
 				PHALCON_INIT_VAR(crypt);
 				phalcon_call_method_p1(crypt, dependency_injector, "getshared", service);
+				PHALCON_VERIFY_INTERFACE(crypt, phalcon_cryptinterface_ce);
 
 				/** 
 				 * Decrypt the value also decoding it with base64
@@ -276,6 +277,7 @@ PHP_METHOD(Phalcon_Http_Cookie, getValue){
 
 					PHALCON_INIT_NVAR(filter);
 					phalcon_call_method_p1(filter, dependency_injector, "getshared", service);
+					PHALCON_VERIFY_INTERFACE(filter, phalcon_filterinterface_ce);
 					phalcon_update_property_this(this_ptr, SL("_filter"), filter TSRMLS_CC);
 				}
 
@@ -377,6 +379,8 @@ PHP_METHOD(Phalcon_Http_Cookie, send){
 				phalcon_call_method_p1(session, dependency_injector, "getshared", service);
 
 				if (Z_TYPE_P(session) != IS_NULL) {
+					PHALCON_VERIFY_INTERFACE(session, phalcon_session_adapterinterface_ce);
+
 					PHALCON_INIT_VAR(key);
 					PHALCON_CONCAT_SV(key, "_PHCOOKIE_", name);
 					phalcon_call_method_p2_noret(session, "set", key, definition);
@@ -398,6 +402,7 @@ PHP_METHOD(Phalcon_Http_Cookie, send){
 
 		PHALCON_INIT_VAR(crypt);
 		phalcon_call_method_p1(crypt, dependency_injector, "getshared", service);
+		PHALCON_VERIFY_INTERFACE(crypt, phalcon_cryptinterface_ce);
 
 		/**
 		 * Encrypt the value also coding it with base64
@@ -460,6 +465,7 @@ PHP_METHOD(Phalcon_Http_Cookie, restore){
 
 			PHALCON_INIT_VAR(session);
 			phalcon_call_method_p1(session, dependency_injector, "getshared", service);
+			PHALCON_VERIFY_INTERFACE(session, phalcon_session_adapterinterface_ce);
 
 			PHALCON_OBS_VAR(name);
 			phalcon_read_property_this(&name, this_ptr, SL("_name"), PH_NOISY_CC);
@@ -541,6 +547,7 @@ PHP_METHOD(Phalcon_Http_Cookie, delete){
 
 		PHALCON_INIT_VAR(session);
 		phalcon_call_method_p1(session, dependency_injector, "getshared", service);
+		PHALCON_VERIFY_INTERFACE(session, phalcon_session_adapterinterface_ce);
 
 		PHALCON_INIT_VAR(key);
 		PHALCON_CONCAT_SV(key, "_PHCOOKIE_", name);

ext/http/response.c

@@ -551,6 +551,7 @@ PHP_METHOD(Phalcon_Http_Response, redirect){
 
 		PHALCON_INIT_VAR(url);
 		phalcon_call_method_p1(url, dependency_injector, "getshared", service);
+		PHALCON_VERIFY_INTERFACE(url, phalcon_mvc_urlinterface_ce);
 
 		PHALCON_INIT_NVAR(header);
 		phalcon_call_method_p1(header, url, "get", location);

ext/http/response/cookies.c

@@ -246,6 +246,7 @@ PHP_METHOD(Phalcon_Http_Response_Cookies, set){
 
 		PHALCON_INIT_VAR(response);
 		phalcon_call_method_p1(response, dependency_injector, "getshared", service);
+		PHALCON_VERIFY_INTERFACE(response, phalcon_http_responseinterface_ce);
 
 		/** 
 		 * Pass the cookies bag to the response so it can send the headers at the of the

ext/kernel/main.h

@@ -17,6 +17,8 @@
   +------------------------------------------------------------------------+
 */
 
+#include "ext/spl/spl_exceptions.h"
+
 /** Main macros */
 #define PH_DEBUG 0
 
@@ -324,3 +326,34 @@ extern int phalcon_fetch_parameters(int num_args TSRMLS_DC, int required_args, i
 		} \
 	}
 
+#define PHALCON_VERIFY_INTERFACE(instance, interface_ce) \
+	do { \
+		if (Z_TYPE_P(instance) != IS_OBJECT || !instanceof_function_ex(Z_OBJCE_P(instance), interface_ce, 1 TSRMLS_CC)) { \
+			char *buf; \
+			if (Z_TYPE_P(instance) != IS_OBJECT) { \
+				spprintf(&buf, 0, "Unexpected value type: expected object implementing %s, %s given", interface_ce->name, zend_zval_type_name(instance)); \
+			} \
+			else { \
+				spprintf(&buf, 0, "Unexpected value type: expected object implementing %s, object of type %s given", interface_ce->name, Z_OBJCE_P(instance)->name); \
+			} \
+			PHALCON_THROW_EXCEPTION_STR(spl_ce_LogicException, buf); \
+			efree(buf); \
+			return; \
+		} \
+	} while (0)
+
+#define PHALCON_VERIFY_CLASS(instance, class_ce) \
+	do { \
+		if (Z_TYPE_P(instance) != IS_OBJECT || !instanceof_function_ex(Z_OBJCE_P(instance), class_ce, 0 TSRMLS_CC)) { \
+			char *buf; \
+			if (Z_TYPE_P(instance) != IS_OBJECT) { \
+				spprintf(&buf, 0, "Unexpected value type: expected object of type %s, %s given", class_ce->name, zend_zval_type_name(instance)); \
+			} \
+			else { \
+				spprintf(&buf, 0, "Unexpected value type: expected object of type %s, object of type %s given", class_ce->name, Z_OBJCE_P(instance)->name); \
+			} \
+			PHALCON_THROW_EXCEPTION_STR(spl_ce_LogicException, buf); \
+			efree(buf); \
+			return; \
+		} \
+	} while (0)

ext/kernel/require.c

@@ -54,9 +54,9 @@ int PHALCON_FASTCALL phalcon_internal_require(zval *return_value, const zval *re
 		file_path = Z_STRVAL_P(require_path);
 
 		#if PHP_VERSION_ID < 50400
-		ret = php_stream_open_for_zend_ex(file_path, &file_handle, ENFORCE_SAFE_MODE|USE_PATH|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC);
+		ret = php_stream_open_for_zend_ex(file_path, &file_handle, ENFORCE_SAFE_MODE|USE_PATH|STREAM_OPEN_FOR_INCLUDE|IGNORE_URL TSRMLS_CC);
 		#else
-		ret = php_stream_open_for_zend_ex(file_path, &file_handle, USE_PATH|STREAM_OPEN_FOR_INCLUDE TSRMLS_CC);
+		ret = php_stream_open_for_zend_ex(file_path, &file_handle, USE_PATH|STREAM_OPEN_FOR_INCLUDE|IGNORE_URL TSRMLS_CC);
 		#endif
 
 		if (likely(ret == SUCCESS)) {

ext/logger/adapter/file.c

@@ -206,18 +206,26 @@ PHP_METHOD(Phalcon_Logger_Adapter_File, __wakeup){
 
 	PHALCON_OBS_VAR(path);
 	phalcon_read_property_this(&path, this_ptr, SL("_path"), PH_NOISY_CC);
-
+	if (Z_TYPE_P(path) != IS_STRING) {
+		PHALCON_THROW_EXCEPTION_STR(phalcon_logger_exception_ce, "Invalid data passed to Phalcon\\Logger\\Adapter\\File::__wakeup()");
+		return;
+	}
+
 	PHALCON_OBS_VAR(options);
 	phalcon_read_property_this(&options, this_ptr, SL("_options"), PH_NOISY_CC);
 	if (phalcon_array_isset_string(options, SS("mode"))) {
 		PHALCON_OBS_VAR(mode);
 		phalcon_array_fetch_string(&mode, options, SL("mode"), PH_NOISY);
+		if (Z_TYPE_P(mode) != IS_STRING) {
+			PHALCON_THROW_EXCEPTION_STR(phalcon_logger_exception_ce, "Invalid data passed to Phalcon\\Logger\\Adapter\\File::__wakeup()");
+			return;
+		}
 	} else {
 		PHALCON_INIT_NVAR(mode);
 		ZVAL_STRING(mode, "ab", 1);
 	}
-	
-	/** 
+
+	/**
 	 * Re-open the file handler if the logger was serialized
 	 */
 	PHALCON_INIT_VAR(file_handler);

ext/logger/adapter/file.h

@@ -43,7 +43,6 @@ PHALCON_INIT_FUNCS(phalcon_logger_adapter_file_method_entry){
 	PHP_ME(Phalcon_Logger_Adapter_File, getFormatter, NULL, ZEND_ACC_PUBLIC) 
 	PHP_ME(Phalcon_Logger_Adapter_File, logInternal, arginfo_phalcon_logger_adapter_file_loginternal, ZEND_ACC_PUBLIC) 
 	PHP_ME(Phalcon_Logger_Adapter_File, close, NULL, ZEND_ACC_PUBLIC) 
-	PHP_ME(Phalcon_Logger_Adapter_File, __wakeup, NULL, ZEND_ACC_PUBLIC) 
+	PHP_ME(Phalcon_Logger_Adapter_File, __wakeup, NULL, ZEND_ACC_PUBLIC)
 	PHP_FE_END
 };
-

ext/mvc/collection.c

@@ -131,9 +131,11 @@ PHP_METHOD(Phalcon_Mvc_Collection, __construct){
 		PHALCON_INIT_NVAR(models_manager);
 		phalcon_call_method_p1(models_manager, dependency_injector, "getshared", service_name);
 		if (Z_TYPE_P(models_manager) != IS_OBJECT) {
-			PHALCON_THROW_EXCEPTION_STR(phalcon_mvc_model_exception_ce, "The injected service 'modelsManager' is not valid");
+			PHALCON_THROW_EXCEPTION_STR(phalcon_mvc_model_exception_ce, "The injected service 'collectionManager' is not valid");
 			return;
 		}
+
+		PHALCON_VERIFY_INTERFACE(models_manager, phalcon_mvc_model_managerinterface_ce);
 	}
 
 	/** 
@@ -2107,6 +2109,8 @@ PHP_METHOD(Phalcon_Mvc_Collection, unserialize){
 				PHALCON_THROW_EXCEPTION_STR(phalcon_mvc_model_exception_ce, "The injected service 'collectionManager' is not valid");
 				return;
 			}
+
+			PHALCON_VERIFY_INTERFACE(manager, phalcon_mvc_model_managerinterface_ce);
 
 			/** 
 			 * Update the models manager

ext/mvc/dispatcher.c

@@ -73,7 +73,7 @@ PHALCON_INIT_CLASS(Phalcon_Mvc_Dispatcher){
 	zend_declare_property_string(phalcon_mvc_dispatcher_ce, SL("_defaultHandler"), "index", ZEND_ACC_PROTECTED TSRMLS_CC);
 	zend_declare_property_string(phalcon_mvc_dispatcher_ce, SL("_defaultAction"), "index", ZEND_ACC_PROTECTED TSRMLS_CC);
 
-	zend_class_implements(phalcon_mvc_dispatcher_ce TSRMLS_CC, 1, phalcon_mvc_dispatcherinterface_ce);
+	zend_class_implements(phalcon_mvc_dispatcher_ce TSRMLS_CC, 2, phalcon_dispatcherinterface_ce, phalcon_mvc_dispatcherinterface_ce);
 
 	return SUCCESS;
 }

ext/security.c

@@ -342,6 +342,7 @@ PHP_METHOD(Phalcon_Security, getTokenKey){
 
 	PHALCON_INIT_VAR(session);
 	phalcon_call_method_p1(session, dependency_injector, "getshared", service);
+	PHALCON_VERIFY_INTERFACE(session, phalcon_session_adapterinterface_ce);
 
 	PHALCON_INIT_VAR(key);
 	ZVAL_STRING(key, "$PHALCON/CSRF/KEY$", 1);
@@ -393,6 +394,7 @@ PHP_METHOD(Phalcon_Security, getToken){
 
 	PHALCON_INIT_VAR(session);
 	phalcon_call_method_p1(session, dependency_injector, "getshared", service);
+	PHALCON_VERIFY_INTERFACE(session, phalcon_session_adapterinterface_ce);
 
 	PHALCON_INIT_VAR(key);
 	ZVAL_STRING(key, "$PHALCON/CSRF$", 1);
@@ -439,6 +441,8 @@ PHP_METHOD(Phalcon_Security, checkToken){
 
 	PHALCON_INIT_VAR(session);
 	phalcon_call_method_p1(session, dependency_injector, "getshared", service);
+	PHALCON_VERIFY_INTERFACE(session, phalcon_session_adapterinterface_ce);
+
 	if (Z_TYPE_P(token_key) == IS_NULL) {
 		PHALCON_INIT_VAR(key);
 		ZVAL_STRING(key, "$PHALCON/CSRF/KEY$", 1);
@@ -453,6 +457,7 @@ PHP_METHOD(Phalcon_Security, checkToken){
 
 		PHALCON_INIT_VAR(request);
 		phalcon_call_method_p1(request, dependency_injector, "getshared", service);
+		PHALCON_VERIFY_INTERFACE(request, phalcon_http_requestinterface_ce);
 
 		/** 
 		 * We always check if the value is correct in post
@@ -501,6 +506,7 @@ PHP_METHOD(Phalcon_Security, getSessionToken){
 
 	PHALCON_INIT_VAR(session);
 	phalcon_call_method_p1(session, dependency_injector, "getshared", service);
+	PHALCON_VERIFY_INTERFACE(session, phalcon_session_adapterinterface_ce);
 
 	PHALCON_INIT_VAR(key);
 	ZVAL_STRING(key, "$PHALCON/CSRF$", 1);

ext/session/bag.c

@@ -151,6 +151,7 @@ PHP_METHOD(Phalcon_Session_Bag, initialize){
 
 		PHALCON_INIT_NVAR(session);
 		phalcon_call_method_p1(session, dependency_injector, "getshared", service);
+		PHALCON_VERIFY_INTERFACE(session, phalcon_session_adapterinterface_ce);
 		phalcon_update_property_this(this_ptr, SL("_session"), session TSRMLS_CC);
 	}
 

ext/tag.c

@@ -149,6 +149,7 @@ PHP_METHOD(Phalcon_Tag, getUrlService){
 
 		PHALCON_INIT_NVAR(url);
 		phalcon_call_method_p1(url, dependency_injector, "getshared", service);
+		PHALCON_VERIFY_INTERFACE(url, phalcon_mvc_urlinterface_ce);
 		phalcon_update_static_property(SL("phalcon\\tag"), SL("_urlService"), url TSRMLS_CC);
 	}
 
@@ -187,6 +188,7 @@ PHP_METHOD(Phalcon_Tag, getEscaperService){
 
 		PHALCON_INIT_NVAR(escaper);
 		phalcon_call_method_p1(escaper, dependency_injector, "getshared", service);
+		PHALCON_VERIFY_INTERFACE(escaper, phalcon_escaperinterface_ce);
 		phalcon_update_static_property(SL("phalcon\\tag"), SL("_escaperService"), escaper TSRMLS_CC);
 	}
 

ext/validation.c

@@ -502,6 +502,7 @@ PHP_METHOD(Phalcon_Validation, getValue){
 						return;
 					}
 
+					PHALCON_VERIFY_INTERFACE(filter_service, phalcon_filterinterface_ce);
 					phalcon_call_method_p2(return_value, filter_service, "sanitize", value, field_filters);
 					RETURN_MM();
 				}