php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #64349 serialize don't work with class/object
Submitted: 2013-03-04 14:54 UTC Modified: 2013-03-05 22:23 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: pprem at pprem dot net Assigned:
Status: Not a bug Package: Class/Object related
PHP Version: 5.4.12 OS: Ubuntu 12.10
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: pprem at pprem dot net
New email:
PHP Version: OS:

 

 [2013-03-04 14:54 UTC] pprem at pprem dot net 
Description:
------------
serialize don't work on stdClass anymore: nothing is get as return of 
serialize($test) when $test is an object

Test script:
---------------
<?php
	function test_($var) {
		$start = serialize ($var);
		$nb_ok = $nb_nok = 0;
		for ($i = 0; $i < 100; $i ++) {
			$end = serialize(unserialize($start));
			if ($star == $end) {
				$nb_ok++;
			} else {
				$nb_nok++;
			}
		}
		print("<p>".htmlentities($start)."<br />ok=".$nb_ok."<br />nok=".$nb_nok."</p>");
	}
	test_(5);
	test_("254retet");
	test_(array(54,7,687,"ihju",24,"","52s7"));
	$test = new stdClass(); $test->bidule="57geré"; $test->truc=547; $test->machin=54.47; $test->chose="dsf24sdg"; test_($test);
	$test2 = new stdClass(); $test2->first="dflgid"; $test2->second=$test; $test2->third=2; test_($test2);
?>

Expected result:
----------------
i:5;
ok=0
nok=100

s:8:"254retet";
ok=0
nok=100

a:7:
{i:0;i:54;i:1;i:7;i:2;i:687;i:3;s:4:"ihju";i:4;i:24;i:5;s:0:"";i:6;s:4:"52s7";}
ok=0
nok=100

O:8:"stdClass":4:
{s:6:"bidule";s:6:"57geré";s:4:"truc";i:547;s:6:"machin";d:54.469999999999999;s:
5:"chose";s:8:"dsf24sdg";}
ok=0
nok=100

O:8:"stdClass":3:{s:5:"first";s:6:"dflgid";s:6:"second";O:8:"stdClass":4:
{s:6:"bidule";s:6:"57geré";s:4:"truc";i:547;s:6:"machin";d:54.469999999999999;s:
5:"chose";s:8:"dsf24sdg";}s:5:"third";i:2;}
ok=0
nok=100

Actual result:
--------------
i:5;
ok=0
nok=100

s:8:"254retet";
ok=0
nok=100

a:7:
{i:0;i:54;i:1;i:7;i:2;i:687;i:3;s:4:"ihju";i:4;i:24;i:5;s:0:"";i:6;s:4:"52s7";}
ok=0
nok=100


ok=0
nok=100


ok=0
nok=100

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-03-04 15:15 UTC] rasmus@php.net 
Your test script works fine here for me with PHP 5.4.13-dev

Do you have any special extensions loaded that might be affecting this?
Try it from the command line with php -n
 [2013-03-04 15:15 UTC] rasmus@php.net
-Status: Open +Status: Feedback
 [2013-03-05 22:19 UTC] pprem at pprem dot net 
Sorry Rasmus, I find the real problem and it's not unserialize or serialize.

I'm in France and my source files are by default in ISO-8859-1. New projects are 
in UTF-8, like yours by default I suppose.

I didn't see that htmlentities() has UTF-8 by default nor ISO-8859-1.

In the past,
<?php
print(htmlentities("je suis allé dans l'allée"));
?>
encoded in ISO-8859-1 worked. Now, it didn't display anything (perhaps a bug in 
htmlentities ?). If you encode in UTF-8, it works correctly.

I changed my program as this :
<?php
print(htmlentities("je suis allé dans l'allée",ENT_COMPAT,"ISO-8859-1"));
?>
and all is good.
 [2013-03-05 22:23 UTC] rasmus@php.net
-Status: Feedback +Status: Not a bug
 [2013-03-05 22:23 UTC] rasmus@php.net 
Nope, not a bug. From a security perspective it is safer to not output anything 
when the input cannot be parsed. You were feeding it invalid UTF8. You should 
always specify which charset your input is in when calling 
htmlentities/htmlspecialchars
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Jul 13 13:01:32 2025 UTC