PHP :: Bug #35281 :: Session extension does not respect visibility of _

Bug #35281

Session extension does not respect visibility of __sleep()

Submitted:

2005-11-18 19:08 UTC

Modified:

2005-11-26 01:00 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (100.0%)

From:

mike at naberezny dot com

Assigned:

Status:

No Feedback

Package:

Class/Object related

PHP Version:

5.0.5

OS:

Windows XP

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mike at naberezny dot com
New email:
PHP Version:		OS:

New Comment:

[2005-11-18 19:08 UTC] mike at naberezny dot com

Description:
------------
The session extension does not respect the visibility of the __sleep() method.  If __sleep() is protected or private, calling serialize() will raise a fatal error.  However, the session extension will still serialize it.

Reproduce code:
---------------
<?php
class Foo { protected function __sleep() {} }

$_SESSION['foo'] = new Foo();
var_dump($_SESSION['foo']);
?>

Expected result:
----------------
"Fatal error:  Call to protected method Foo::__sleep() from context..." at the time of assignment.

Actual result:
--------------
object(Foo)#1 (0) {
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-11-18 19:25 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

[2005-11-18 20:29 UTC] mike at naberezny dot com

The result is the same using the latest Win32 build from snaps.

C:\php5.1>php -n -v
PHP 5.1.0RC7-dev (cli) (built: Nov 18 2005 16:36:58)
Copyright (c) 1997-2005 The PHP Group
Zend Engine v2.1.0-dev, Copyright (c) 1998-2005 Zend Technologies

C:\php5.1>php -n -r "class Foo { protected function __sleep() {} } $_SESSION['foo'] = new Foo(); var_dump($_SESSION['foo']);"

object(Foo)#1 (0) {
}

[2005-11-18 20:37 UTC] tony2001@php.net

That's interesting, because I get the following:

object(Foo)#1 (0) {
}

Fatal error: Call to protected method Foo::__sleep() from context '' in Unknown on line 0

Please check your display_errors and error_reporting settings.

[2005-11-26 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[2007-05-06 18:11 UTC] woociek at zwm dot punkt dot pl

I get these 2 error when trying to extend my session:

Fatal error: Call to private method UserSession::session_write() from context '' in Unknown on line 0

Fatal error: Call to private method UserSession::session_close() from context '' in Unknown on line 0

This is how it looks (function is called in UserSession cnstructor):

session_set_save_handler(
            array(&$this, 'session_open'),
            array(&$this, 'session_close'),
            array(&$this, 'session_read'),
            array(&$this, 'session_write'),
            array(&$this, 'session_destroy'),
            array(&$this, 'session_gc')
        );

All UserSession methods are PRIVATE and only write and close raises FATAL ERROR ... 

Changing visibility to public solves the problem... and I don't know why ...

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 15:01:29 2024 UTC