
Don't allow JS to overwrite protected/private properties

Stefan Siegl hace 11 años
padre
commit
53cac1c524
Se han modificado 2 ficheros con 58 adiciones y 4 borrados
  1. 46 0
      tests/property_visibility-set.phpt
  2. 12 4
      v8js_convert.cc

+ 46 - 0
tests/property_visibility-set.phpt

@@ -0,0 +1,46 @@
+--TEST--
+Test V8::executeString() : Property visibility - set
+--SKIPIF--
+<?php require_once(dirname(__FILE__) . '/skipif.inc'); ?>
+--FILE--
+<?php
+
+class Foo {
+	private $privBar = "privBar";
+	protected $protBar = "protBar";
+	public $pubBar = "pubBar";
+
+	public function dump() {
+		var_dump($this->privBar);
+		var_dump($this->protBar);
+		var_dump($this->pubBar);
+	}
+}
+
+$js = new V8Js();
+$js->foo = new Foo();
+
+$script = <<<END
+
+PHP.foo.privBar = 'jsPriv';
+PHP.foo.protBar = 'jsProt';
+PHP.foo.pubBar = 'jsPub';
+
+var_dump(PHP.foo.privBar);
+var_dump(PHP.foo.protBar);
+var_dump(PHP.foo.pubBar);
+
+END;
+
+$js->executeString($script);
+$js->foo->dump();
+?>
+===EOF===
+--EXPECT--
+string(6) "jsPriv"
+string(6) "jsProt"
+string(5) "jsPub"
+string(7) "privBar"
+string(7) "protBar"
+string(5) "jsPub"
+===EOF===
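Review bot: The script only assigns properties that `Foo` declares, so this test does not pin how the new guard treats a name the class does not declare. Adding an assignment such as `PHP.foo.dynBar = 'jsDyn';` with a matching `var_dump(isset($this->dynBar));` in `dump()` would fix whichever outcome is intended. The first three expected lines also record that a rejected write still reads back as the new value on the JS side while the PHP object keeps the old one. A short comment in the `--FILE--` section, e.g. `// JS sees its own value; the PHP object must stay unchanged`, would make clear that this divergence is deliberate.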

+ 12 - 4
v8js_convert.cc

@@ -658,12 +658,20 @@ static inline v8::Local<v8::Value> php_v8js_named_property_callback(v8::Local<v8
 			}
 		} else if (callback_type == V8JS_PROP_SETTER) {
 			MAKE_STD_ZVAL(php_value);
-			if (v8js_to_zval(set_value, php_value, 0, isolate TSRMLS_CC) == SUCCESS) {
-				zend_update_property(scope, object, V8JS_CONST name, name_len, php_value TSRMLS_CC);
-				ret_value = set_value;
-			} else {
+			if (v8js_to_zval(set_value, php_value, 0, isolate TSRMLS_CC) != SUCCESS) {
 				ret_value = v8::Handle<v8::Value>();
 			}
+			else {
+				zval zname;
+				ZVAL_STRINGL(&zname, name, name_len, 0);
+				zend_property_info *property_info = zend_get_property_info(ce, &zname, 1 TSRMLS_CC);
+
+				if(property_info && property_info->flags & ZEND_ACC_PUBLIC) {
+					zend_update_property(scope, object, V8JS_CONST name, name_len, php_value TSRMLS_CC);
+					ret_value = set_value;
+				}
+			}
+
 			// if PHP wanted to hold on to this value, update_property would
 			// have bumped the refcount
 			zval_ptr_dtor(&php_value);
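Review bot: The new `else` branch drops a write to a non-public or unresolvable property without any comment or signal, and `ret_value` is left at whatever it held before this branch (its initialisation is outside the hunk). Since this test is the boundary that keeps script code from altering protected/private PHP state, I would say so above it, e.g. `// only public properties may be written from JS; otherwise leave ret_value untouched so the PHP object is never modified`, and parenthesise the flag test as `if (property_info && (property_info->flags & ZEND_ACC_PUBLIC)) {`. The lookup is done against `ce` while the update runs with `scope`; if the two can differ for inherited properties, a line explaining why that is safe is worth adding. Only the `V8JS_PROP_SETTER` branch is visible here; the rest of php_v8js_named_property_callback, including any path that removes a property, lies outside the hunk and should be checked for the same rule.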