|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2017-12-20 16:27 UTC] axtux at hotmail dot com
Description: ------------ Versions tested and affected : PHP 7.0.28-dev (cli) (built: Dec 20 2017 16:38:38) ( NTS ) PHP 7.0.22-0ubuntu0.16.04.1 (cli) ( NTS ) PHP serialization is buggy when using private class variables. Steps to reproduce : 1. create Test class with at least one private variable 2. create an instance of this class and serialize it This leads to notice/warning/error when unserializing serialized string. See test snippet of code https://pastebin.com/D9yM4G58 Test script: --------------- error_reporting(E_ALL); class Test { public $v1; private $v2; } $t = new Test(); $s = serialize($t); echo $s; // copy value or notice is not shown $s = 'O:4:"Test":2:{s:2:"v1";N;s:8:"Testv2";N;}'; $u = unserialize($s); Expected result: ---------------- good variable name length Actual result: -------------- variable name length is 2 more than expected PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Jul 09 13:01:36 2025 UTC |
Serialized strings are binary data containing mostly printable characters. Your $s = 'O:4:"Test":2:{s:2:"v1";N;s:8:"Testv2";N;}'; is invalid. Simply echoing the original $s will not show you the full picture. Try with addslashes().You misunderstood. The string 'O:4:"Test":2:{s:2:"v1";N;s:8:"Testv2";N;}' is actually what is returned by serialize function. Try it. The reason why I set $s to it because for some reasons, unserialize(serialize($obj)) does not print a notice (maybe some optimization ?).> The string 'O:4:"Test":2:{s:2:"v1";N;s:8:"Testv2";N;}' is actually what is returned by serialize function. Try it. No, actually, it isn't. Read what I said.