Origin: http://svn.php.net/viewvc?view=revision&revision=317272
Subject: Fix bug #55776 (PDORow to session bug)

CVE-2012-0788

---
 ext/pdo/pdo_stmt.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/ext/pdo/pdo_stmt.c
+++ b/ext/pdo/pdo_stmt.c
@@ -2343,6 +2343,7 @@ static zend_object_value dbstmt_clone_ob
 }
 
 zend_object_handlers pdo_dbstmt_object_handlers;
+static int pdo_row_serialize(zval *object, unsigned char **buffer, zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC);
 
 void pdo_stmt_init(TSRMLS_D)
 {
@@ -2366,6 +2367,7 @@ void pdo_stmt_init(TSRMLS_D)
 	pdo_row_ce = zend_register_internal_class(&ce TSRMLS_CC);
 	pdo_row_ce->ce_flags |= ZEND_ACC_FINAL_CLASS; /* when removing this a lot of handlers need to be redone */
 	pdo_row_ce->create_object = pdo_row_new;
+	pdo_row_ce->serialize = pdo_row_serialize;
 }
 
 static void free_statement(pdo_stmt_t *stmt TSRMLS_DC)
@@ -2789,6 +2791,12 @@ zend_object_value pdo_row_new(zend_class
 
 	return retval;
 }
+
+static int pdo_row_serialize(zval *object, unsigned char **buffer, zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC)
+{
+	php_error_docref(NULL TSRMLS_CC, E_WARNING, "PDORow instances may not be serialized");
+	return FAILURE;
+}
 /* }}} */
 
 /*