php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69761 Serialization of anonymous classes should be prevented
Submitted: 2015-06-05 17:19 UTC Modified: 2015-06-06 01:56 UTC
From: mhujer at gmail dot com Assigned: krakjoe (profile)
Status: Closed Package: *General Issues
PHP Version: master-Git-2015-06-05 (snap) OS: Windows 8/Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mhujer at gmail dot com
New email:
PHP Version: OS:

 

 [2015-06-05 17:19 UTC] mhujer at gmail dot com
Description:
------------
According to the Anonymous classes RFC (https://wiki.php.net/rfc/anonymous_classes), it should not be possible to serialize them ("Serialization is not supported, and will error just as anonymous functions do.").

But it is possible to serialize them in latest snapshot (Windows) or in 3v4l.org http://3v4l.org/tIEp7 - but the unserialization fails.

When I try to serialize Closure, exception with "Serialization of 'Closure' is not allowed" is thrown.

Test script:
---------------
<?php
$instance = new class('foo') {
    public function __construct($i) {
        var_dump($i);
    }
};
var_dump($instance);
var_dump(serialize($instance));
var_dump(unserialize(serialize($instance)));

$a = function ($a) {};
var_dump($a);
var_dump(serialize($a));
var_dump(unserialize(serialize($a)));



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-06-06 01:56 UTC] laruence@php.net
-Assigned To: +Assigned To: krakjoe
 [2015-06-13 02:54 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d96dda8d49711303d14471ac59ba929892bc532a
Log: Fixed Bug #69761 (Serialization of anonymous classes should be prevented)
 [2015-06-13 02:54 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2015-06-23 18:04 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d96dda8d49711303d14471ac59ba929892bc532a
Log: Fixed Bug #69761 (Serialization of anonymous classes should be prevented)
 [2016-07-20 11:38 UTC] davey@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d96dda8d49711303d14471ac59ba929892bc532a
Log: Fixed Bug #69761 (Serialization of anonymous classes should be prevented)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 13:01:29 2024 UTC