Bug #14235 serialize and setlocale: inconsistent behavior
Submitted: 2001-11-26 10:36 UTC
Modified: 2002-04-09 18:44 UTC
From: aulbach at fidion dot de
Assigned:
Status: Closed
Package: *Languages/Translation
PHP Version: 4.0.6
OS: linux
Private report: No
CVE-ID: None
 [2001-11-26 10:36 UTC] aulbach at fidion dot de
The following script

<?php
$a=3.14;
echo "<pre>$a type ". gettype($a);

$olc=setlocale(LC_ALL,0);
setlocale(LC_ALL,'de_DE');

echo "\n$a type ". gettype($a);

$ser=serialize($a);

echo "\nSER: #$ser#\n";

setlocale(LC_ALL,$olc);

$b=unserialize($ser);

echo "$b  type ". gettype($b);
?>

.... produces this output:

3.14 type double
3,14 type double
SER: #d:3,14;#
3  type double

This type of error can happen in cases where a localized user frontend stores some vars, for example in a database via serialize, and another program (e.g. a background process, which doesn't need to be localized) reads it. In those cases, the result is not correct (=error). The problem is that this is not obvious, because a "normal" programmer trusts serialize(), because the documentation says

     "serialize() returns a string containing a byte-stream representation of value
     that can be stored anywhere."

In other words: you can trust serialize() that its output can always be unserialized.

Opportunities to solve the problem:

- serialize() stores the vars language-independently (always use '.').
- unserialize() reads double vars either with '.' or ','.
- both
- unserialize() checks whether the serialized string and the resulting type are identical; if not, it returns with an error.
- Big hint in docs

Maybe it's a good idea to check (un)serialize in general for similar errors.
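
For data already stored by an affected version, the scenario above (localized frontend writes, unlocalized background process reads) can be audited with a small walker over the serialized stream. This is an added example, not code from the report or from PHP itself; the function name find_damaged_doubles and the sample string are constructed here, and only the token types N, b, i, d, s, a, O, r and R are handled (anything else raises an exception).

```php
<?php
// Added example (not from the bug report): find double tokens in a
// serialize() stream whose text is not a locale-independent number.
function find_damaged_doubles(string $ser): array
{
    $ok = '/^(-?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?|-?INF|NAN)$/';
    $n = strlen($ser);
    $find = function (string $ch, int $from) use ($ser, $n): int {
        $p = $from < $n ? strpos($ser, $ch, $from) : false;
        if ($p === false) {
            throw new UnexpectedValueException("truncated stream near offset $from");
        }
        return $p;
    };
    $bad = [];
    for ($i = 0; $i < $n;) {
        $t = $ser[$i];
        if ($t === '}') {                          // end of array/object body
            $i++;
        } elseif ($t === 'N') {                    // N;
            $i += 2;
        } elseif ($t === 'a') {                    // a:<count>:{
            $i = $find('{', $i) + 1;
        } elseif ($t === 's' || $t === 'O') {      // s:<len>:"..."; or O:<len>:"Class":<count>:{
            $colon = $find(':', $i + 2);
            $end = $colon + 2 + (int) substr($ser, $i + 2, $colon - $i - 2);
            if ($end >= $n || $ser[$end] !== '"') {
                throw new UnexpectedValueException("bad length at offset $i");
            }
            // Skip the payload by its declared length; never scan inside it.
            $i = $t === 's' ? $end + 2 : $find('{', $end) + 1;
        } elseif (strpos('bidrR', $t) !== false) { // scalar or reference: x:<value>;
            $semi = $find(';', $i);
            $value = substr($ser, $i + 2, $semi - $i - 2);
            if ($t === 'd' && !preg_match($ok, $value)) {
                $bad[] = ['offset' => $i, 'token' => substr($ser, $i, $semi - $i + 1)];
            }
            $i = $semi + 1;
        } else {
            throw new UnexpectedValueException("unsupported token '$t' at offset $i");
        }
    }
    return $bad;
}

// Constructed sample: what a de_DE frontend on PHP 4.0.6 could have stored.
$stored = 'a:2:{s:5:"price";d:3,14;s:4:"note";s:7:"d:9,99;";}';
print_r(find_damaged_doubles($stored));
```

Because string payloads are skipped by length, the text d:9,99; inside the stored note is not reported; only the real double token is.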

 [2002-04-09 18:44 UTC] jimw@php.net
This bug has already been fixed in the latest released version of
PHP, which you can download at http://www.php.net/downloads.php

This was fixed in 4.1.x with the switch to a non-sprintf-based serialize implementation.
 