php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #45706 Serializing of ArrayIterator extended Objects
Submitted: 2008-08-04 12:20 UTC Modified: 2008-08-31 23:13 UTC
From: bobka at bigfoot dot com Assigned: colder (profile)
Status: Closed Package: SPL related
PHP Version: 5.2.6 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
 [2008-08-04 12:20 UTC] bobka at bigfoot dot com 
Description:
------------
This is a very special case.

If an object of class that extends ArrayIterator is saved in session data and the class definition is not available in a later call, then the session data gets corrupted.

Call the example code three times to see the bug.

Reproduce code:
---------------
<?php
// start session
session_start();

// display session data
echo "<pre>".print_r($_SESSION,true)."</pre><br>";

// already initialized?
if (!isset($_SESSION['first']))
{
  // bug occures only if the class is not defined later
  // and only if it extends ArrayIterator
  class my_array extends ArrayIterator
  {
  }

  $_SESSION['first'] = "The first entry is ok";

  $t = new my_array();
  
  // at least one member needed
  $t[] = "this gets lost";

  $_SESSION['killer'] = $t;

  $_SESSION['this_is_going_to_be_messed_up'] = "The value of the entry is ok";

  $_SESSION['last'] = "The last entry is ok";
}


Expected result:
----------------
At first call:
Array
(
)

At second call:
Array
(
    [first] => The first entry is ok
    [killer] => __PHP_Incomplete_Class Object
        (
            [__PHP_Incomplete_Class_Name] => my_array
            [0] => this gets lost
        )

    [this_is_going_to_be_messed_up] => The value of the entry is ok
    [last] => The last entry is ok
)

At third call
Array
(
    [first] => The first entry is ok
    [killer] => __PHP_Incomplete_Class Object
        (
            [__PHP_Incomplete_Class_Name] => my_array
            [0] => this gets lost
        )

    [this_is_going_to_be_messed_up] => The value of the entry is ok
    [last] => The last entry is ok
)


Actual result:
--------------
At third call:

Notice: session_start() [function.session-start]: Unexpected end of serialized data in test.php on line 3

Array
(
    [first] => The first entry is ok
    [killer] => 
    [}this_is_going_to_be_messed_up] => The value of the entry is ok
    [last] => The last entry is ok
)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-08-04 12:51 UTC] jani@php.net 
The class has to be defined before session_start() call.
Documentation for session seems to lack this little note..
 [2008-08-06 08:38 UTC] bobka at bigfoot dot com 
To define the class before session_start is the usual case. But if two applications use the same session data, where one part of session data is shared between applications and other are used exclusively, you don't have to include *all* class definitions in each application. In this case the part of session data, that is not defined, should be preserved and not corrupted, shouldn't it?
 [2008-08-06 08:45 UTC] bobka at bigfoot dot com 
The bug is somewhere in "php" or "php_bin" serialize_handler that is used to serialize _SESSION
 [2008-08-06 16:46 UTC] jani@php.net 
Does this happen only with the ArrayIterator?
 [2008-08-06 16:51 UTC] bobka at bigfoot dot com 
Yes, it happens only with classes that extend ArrayIterator
 [2008-08-29 15:01 UTC] dmitry@php.net 
Fixed in CVS HEAD and PHP_5_3.
 [2008-08-31 23:13 UTC] colder@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

thanks Dmitry!
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Oct 30 22:00:01 2025 UTC