
Reject V8Function passback to wrong isolate, closes #116

Stefan Siegl 10 年之前
8d8aed1e72
共有 2 個文件被更改,包括 53 次插入1 次删除
  1. 47 0
      tests/issue_116-v8function-injection.phpt
  2. 6 1
      v8js_convert.cc

+ 47 - 0
tests/issue_116-v8function-injection.phpt

@@ -0,0 +1,47 @@
+--TEST--
+Test V8::executeString() : Issue #116 V8Function injection into other V8Js
+--SKIPIF--
+<?php require_once(dirname(__FILE__) . '/skipif.inc'); ?>
+--FILE--
+<?php
+$a = new V8Js();
+$b = new V8Js();
+
+$a->name = 'A';
+$b->name = 'B';
+
+$a->b = $b;
+$a->executeString('PHP.b.test = function() { print("Hallo from within " + PHP.name + ".\\n"); };');
+
+// in PHP we see the property
+var_dump($b->test);
+
+// we see (and can call) the function object in instance A
+print("in A:\n");
+$a->executeString('PHP.b.test();');
+
+// in B the function object is not available
+print("in B:\n");
+$b->executeString('print(typeof PHP.b + "\\n");');
+
+try {
+	$b->executeString('PHP.test();');
+}
+catch(Exception $e) {
+	var_dump($e->getMessage());
+}
+
+unset($a);
+unset($b);
+?>
+===EOF===
+--EXPECTF--
+Warning: V8Js::executeString(): V8Function object passed to wrong V8Js instance in %s on line %d
+object(V8Function)#%d (0) {
+}
+in A:
+Hallo from within A.
+in B:
+undefined
+string(%d) "V8Js::compileString():1: TypeError: %s is not a function"
+===EOF===

+ 6 - 1
v8js_convert.cc

@@ -889,8 +889,13 @@ static v8::Handle<v8::Value> php_v8js_hash_to_jsobj(zval *value, v8::Isolate *is
 	/* Object methods */
 	if (ce == php_ce_v8_function) {
 		php_v8js_object *c = (php_v8js_object *) zend_object_store_get_object(value TSRMLS_CC);
-		v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, c->v8obj);
 
+		if(isolate != c->ctx->isolate) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "V8Function object passed to wrong V8Js instance");
+			return V8JS_NULL;
+		}
+
+		v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, c->v8obj);
 		return v8obj;
 	} else if (ce) {
 		php_v8js_ctx *ctx = (php_v8js_ctx *) isolate->GetData(0);
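Review bot: The new guard at `if(isolate != c->ctx->isolate)` drops the space after `if` that the surrounding code uses (`if (ce == php_ce_v8_function)`, `} else if (ce)`); `if (isolate != c->ctx->isolate) {` keeps the style consistent. The check also deserves a why-comment, since nothing in the hunk says what goes wrong without it, e.g. `/* c->v8obj is a handle owned by another isolate; creating a Local for it here would be a cross-isolate access, so refuse it */`. Returning V8JS_NULL after the warning means the calling script continues with null where it expected a function (the added test relies on the resulting TypeError), which the same comment should state as intentional rather than leaving it to look like an oversight. Whether `c->ctx` is always set for a V8Function reaching this branch is not visible here; if a V8Function can exist without a context, the dereference needs its own guard before the isolate comparison. php_v8js_hash_to_jsobj starts and ends outside the hunk.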