From 423e133c569b7d749cba3e1b97e9e138e5f0f892 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Tue, 12 Jul 2022 20:57:19 +0200
Subject: Log `eval` content when matching on its parameter
---
src/sp_execute.c | 8 +++++---
.../config/config_disabled_functions_eval_param.ini | 1 +
.../disable_function/disabled_functions_eval_param.phpt | 14 ++++++++++++++
3 files changed, 20 insertions(+), 3 deletions(-)
create mode 100644 src/tests/disable_function/config/config_disabled_functions_eval_param.ini
create mode 100644 src/tests/disable_function/disabled_functions_eval_param.phpt
diff --git a/src/sp_execute.c b/src/sp_execute.c
index a8798e4..2b8bb2e 100644
--- a/src/sp_execute.c
+++ b/src/sp_execute.c
@@ -136,9 +136,11 @@ static inline void sp_execute_handler(INTERNAL_FUNCTION_PARAMETERS, bool interna
 if (UNEXPECTED(EX(func)->op_array.type == ZEND_EVAL_CODE)) {
 const sp_list_node *config = zend_hash_str_find_ptr(SPCFG(disabled_functions), ZEND_STRL("eval"));
- zend_string *filename = get_eval_filename(zend_get_executed_filename());
- is_builtin_matching(filename, "eval", NULL, config, SPCFG(disabled_functions));
- zend_string_release(filename);
+#if PHP_VERSION_ID >= 80000
+ is_builtin_matching(SPG(eval_source_string), "eval", "code", config, SPCFG(disabled_functions));
+#else
+ is_builtin_matching(Z_STR_P(SPG(eval_source_string)), "eval", "code", config, SPCFG(disabled_functions));
+#endif
 SPG(in_eval)++;
 sp_orig_execute(execute_data);
diff --git a/src/tests/disable_function/config/config_disabled_functions_eval_param.ini b/src/tests/disable_function/config/config_disabled_functions_eval_param.ini
new file mode 100644
index 0000000..b43faf1
--- /dev/null
+++ b/src/tests/disable_function/config/config_disabled_functions_eval_param.ini
@@ -0,0 +1 @@
+sp.disable_function.function("eval").param("code").drop();
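Review bot: In the `src/sp_execute.c` hunk both new `is_builtin_matching` calls use `SPG(eval_source_string)` unchecked, and the PHP < 8 branch additionally applies `Z_STR_P` to it, which assumes a non-NULL zval holding a string. Where that global is assigned is outside this hunk; if it is a borrowed pointer captured when the eval'd code was compiled, confirm it is set and still alive on every path that reaches the `ZEND_EVAL_CODE` branch, nested evals included. A comment stating that invariant above the `#if`, e.g. `/* eval_source_string must be non-NULL and alive here */`, or an explicit NULL check that still fails closed, would make the assumption reviewable. The matched code now ends up in the log message (see the `--EXPECTF--` line of the new test), so the logging path should bound and escape it, since eval input can be attacker-influenced. `sp_execute_handler` starts and ends outside the hunk.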
diff --git a/src/tests/disable_function/disabled_functions_eval_param.phpt b/src/tests/disable_function/disabled_functions_eval_param.phpt
new file mode 100644
index 0000000..4f3f1ef
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_eval_param.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Disable functions - eval, on matching parameter
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_eval_param.ini
+--FILE--
+
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'eval', because its argument 'code' content ($var = 1337 + 1337;) matched a rule in %s/tests/disable_function/disabled_functions_eval_param.php(3) : eval()'d code on line 1
-- cgit v1.3
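Review bot: The test only pins the drop message for a rule with a bare `.param("code")`, which appears to match whatever is passed to eval, so it would still pass if matching never looked at the content. A second case using a value filter such as `.param("code").value_r("1337")`, paired with an eval body that must not match, would show the rule is evaluated against the eval'd code itself. The `--SKIPIF--` and `--FILE--` bodies are not visible in this view, so this is based on the `--EXPECTF--` line and the one-line `.ini` rule alone.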