|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2013-08-02 11:20 UTC] mike@php.net
-Status: Open
+Status: Not a bug
[2013-08-02 11:20 UTC] mike@php.net
[2013-08-03 12:28 UTC] anon at anon dot anon
[2013-08-03 12:43 UTC] johannes@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Nov 05 15:00:01 2025 UTC |
Description: ------------ I think the unserialize method should have a final string length check. You can make objects disappear just running the code in the Test Script: This code outputs just the first object. This is something it can easily happend when you are working with sockets or data streams. Probably it is the developer's fault but actually to serialized objects together are not only one object. I think checking the string length at the end of the parser and rising a warning is enough to alert the developer that this things are happening. Test script: --------------- $o1 = new stdClass(); $o1->name = 'Object1'; $o2 = new stdClass(); $o2->name = 'Object2'; $objects = serialize($o1) . serialize($o2); print_r(unserialize($objects)); Expected result: ---------------- A warning Actual result: -------------- Only the first object: stdClass Object ( [name] => Object1 )