php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #28082 __sleep() reproducible serialization bug (at least i hope so)
Submitted: 2004-04-20 21:12 UTC Modified: 2004-07-15 12:44 UTC
Votes:5
Avg. Score:4.8 ± 0.4
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:3 (75.0%)
From: mastabog at hotmail dot com Assigned:
Status: Not a bug Package: Scripting Engine problem
PHP Version: 5CVS-2004-04-20 (dev) OS: Win32, Linux and on all tested
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mastabog at hotmail dot com
New email:
PHP Version: OS:

 

 [2004-04-20 21:12 UTC] mastabog at hotmail dot com
Description:
------------
I posted this as a comment to an existing bug report (after it has been suspended). The bug report is 4 months old and can be found here: http://bugs.php.net/bug.php?id=26737

Everything written there (including the last comment which is mine) is still true, unfortunately.

That bug existed since my first attempt to use __sleep() in PHP5 (approx 1 year ago) and persisted since (i alway use the daily php5-cvs version)

Here is a summary (though I suggest you take a look at the original bug at the link above).

__sleep() serialization does not work unless you do this: You not only have to enclose the class name with null characters. As far as I've seen you have to enclose with
null chars *ALL* Php5 serialization identifiers of class properties types, the ones I figured out to be for now. The string that needs to be enclosed in null chars is (let x be the property name):

1. class name, if x is 'private' (i.e. "\0" . __CLASS__ . "\0x")
2. *, if x is 'protected' (i.e. "\0*\0x")
3. Null, if x is 'public' => (i.e. "x")

Here's what I mean (this is how it should be done in order to work ... meaning to avoid/workaround this bug):

<?php

class aTest
{
  public $a = 'one';
  protected $b = 'two';
  private $c = 'three';
  private $d = 'something you dont wanna save';

  function __sleep()
  {
    return array("a",
                 "\0*\0b",
                 "\0aTest\0c");
    // or
    // return array("a",
    //              "\0*\0b",
    //              "\0" . __CLASS__ . "\0c");
  }
}

?>

Anything else in the return array of __sleep() and the property will
come up empty after unserialization ... not nice.

My hope is that this *is* a bug, because forming those strings with null chars is just, well, ugly and inconsistent.

Reproduce code:
---------------
<?php

class aTest
{
  public $a = 'one';
  protected $b = 'two';
  private $c = 'three';
  private $d = 'something you dont wanna save';

  function __sleep()
  {
    return array("a",
                 "\0*\0b",
                 "\0aTest\0c");
  }

  // This is how it should be, IMHO (php4 style)
  //function __sleep()
  //{
  //  return array("a", "b", "c");
  //}

}

?>


Expected result:
----------------
With the 2nd __sleep() uncommented you should get the normal serialized properties of the object. Instead, every private/protected members come up emtpy.



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-07-15 12:44 UTC] magnus@php.net
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. 

Thank you for your interest in PHP.

See bug #26737
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 04:01:29 2024 UTC