PHP :: Bug #47244 :: serialize() of a string with a line break (\r) broken.

Bug #47244	serialize() of a string with a line break (\r) broken.
Submitted:	2009-01-29 20:32 UTC	Modified:	2009-01-29 23:59 UTC
From:	nir at winpdb dot org	Assigned:
Status:	Not a bug	Package:	*General Issues
PHP Version:	5.2.8	OS:	Ubuntu Intrepid
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	nir at winpdb dot org
New email:
PHP Version:		OS:

New Comment:

[2009-01-29 20:32 UTC] nir at winpdb dot org

Description:
------------
Isn't this a bug?

php > print serialize("hi\rho");
ho";"hi
php > print unserialize(serialize("hi\rho"));
ho

I stumbled on this while working on a Drupal system. Can this possibly have security consequences as well? if a \r on a web form breaks the internal data structures of a system?

Am I missing anything?

PS: I am actually using PHP 5.2.6 on Ubuntu Intrepid.

Cheers,
Nir

Reproduce code:
---------------
print serialize("hi\rho");

Expected result:
----------------
s:5:"hi
ho";

Actual result:
--------------
ho";"hi

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-01-29 23:59 UTC] iliaa@php.net

It works fine in CVS, its possible that the \r char when output is 
causing formatting error that hides other chars.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Aug 17 09:00:02 2025 UTC