php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70719 ReflectionParameter + serialize()
Submitted: 2015-10-15 12:21 UTC Modified: 2018-09-29 12:51 UTC
From: andreas at dqxtech dot net Assigned:
Status: Duplicate Package: Reflection related
PHP Version: irrelevant OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: andreas at dqxtech dot net
New email:
PHP Version: OS:

 

 [2015-10-15 12:21 UTC] andreas at dqxtech dot net
Description:
------------
Trying to serialize a ReflectionMethod object raises a warning.
Trying to serialize and unserialize a ReflectionParameter is ok, but then ::isOptional() on the unserialized reflection parameter causes a fatal error.

https://3v4l.org/t1bCc

Fatal error: ReflectionParameter::isOptional(): Internal error: Failed to retrieve the reflection object

The minimum fix (without major behavior change) would be to make the error message more meaningful, and mention that the reflection parameter was unserialized. Instead of "Failed to retrieve reflection object" it could say "Cannot call ::isOptional() on an unserialized ReflectionParameter object."

Preferable would be to implement a more consistent behavior, so one of the following options:

1. Fully support serialization for reflection objects. Unserializing might possibly trigger autoload, so the class or function can be parsed again (*). Objects referenced from the reflection objects would be serialized too.

2. Support serialization for reflection objects that do not depend on instances. E.g. for classes, static methods and functions, but not for ReflectionObject and things depending on it.

3. Refuse to serialize any reflection objects, including ReflectionParameter.

(*) We need to consider the case where code changes between serialization and unserialization.. But this is a known problem with serialization, and not specific to reflection objects.

Test script:
---------------
<?php

class C {
    static function foo($x = null) {}
}

$reflMethod = new ReflectionMethod('C', 'foo');
$reflParam = $reflMethod->getParameters()[0];

// Warning: Attempted to serialize unserializable builtin class ReflectionMethod
$serReflMethod = serialize($reflMethod);

// No warning.
$serReflParam = serialize($reflParam);
$unserReflParam = unserialize($serReflParam);

// Fatal error: ReflectionParameter::isOptional(): Internal error: Failed to retrieve the reflection object
$unserReflParam->isOptional();


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-10-15 13:16 UTC] ab@php.net
-PHP Version: 7.0.0RC5 +PHP Version: irrelevant
 [2015-10-15 13:18 UTC] ab@php.net
-Status: Open +Status: Verified
 [2018-09-29 12:51 UTC] nikic@php.net
-Status: Verified +Status: Duplicate
 [2018-09-29 12:51 UTC] nikic@php.net
Closing as a duplicate of bug #76737. Serialization of reflection objects is now explicitly denied and will generate an exception.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 16:01:29 2024 UTC