php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70719 ReflectionParameter + serialize()
Submitted: 2015-10-15 12:21 UTC Modified: 2018-09-29 12:51 UTC
From: andreas at dqxtech dot net Assigned:
Status: Duplicate Package: Reflection related
PHP Version: irrelevant OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: andreas at dqxtech dot net
New email:
PHP Version: OS:

 

 [2015-10-15 12:21 UTC] andreas at dqxtech dot net
Description:
------------
Trying to serialize a ReflectionMethod object raises a warning.
Trying to serialize and unserialize a ReflectionParameter is ok, but then ::isOptional() on the unserialized reflection parameter causes a fatal error.

https://3v4l.org/t1bCc

Fatal error: ReflectionParameter::isOptional(): Internal error: Failed to retrieve the reflection object

The minimum fix (without major behavior change) would be to make the error message more meaningful, and mention that the reflection parameter was unserialized. Instead of "Failed to retrieve reflection object" it could say "Cannot call ::isOptional() on an unserialized ReflectionParameter object."

Preferable would be to implement a more consistent behavior, so one of the following options:

1. Fully support serialization for reflection objects. Unserializing might possibly trigger autoload, so the class or function can be parsed again (*). Objects referenced from the reflection objects would be serialized too.

2. Support serialization for reflection objects that do not depend on instances. E.g. for classes, static methods and functions, but not for ReflectionObject and things depending on it.

3. Refuse to serialize any reflection objects, including ReflectionParameter.

(*) We need to consider the case where code changes between serialization and unserialization.. But this is a known problem with serialization, and not specific to reflection objects.

Test script:
---------------
<?php

class C {
    static function foo($x = null) {}
}

$reflMethod = new ReflectionMethod('C', 'foo');
$reflParam = $reflMethod->getParameters()[0];

// Warning: Attempted to serialize unserializable builtin class ReflectionMethod
$serReflMethod = serialize($reflMethod);

// No warning.
$serReflParam = serialize($reflParam);
$unserReflParam = unserialize($serReflParam);

// Fatal error: ReflectionParameter::isOptional(): Internal error: Failed to retrieve the reflection object
$unserReflParam->isOptional();


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-10-15 13:16 UTC] ab@php.net
-PHP Version: 7.0.0RC5 +PHP Version: irrelevant
 [2015-10-15 13:18 UTC] ab@php.net
-Status: Open +Status: Verified
 [2018-09-29 12:51 UTC] nikic@php.net
-Status: Verified +Status: Duplicate
 [2018-09-29 12:51 UTC] nikic@php.net
Closing as a duplicate of bug #76737. Serialization of reflection objects is now explicitly denied and will generate an exception.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Sat Oct 25 20:00:01 2025 UTC