PHP :: Bug #28082 :: __sleep() reproducible serialization bug (at least i hope so)

Bug #28082

__sleep() reproducible serialization bug (at least i hope so)

Submitted:

2004-04-20 21:12 UTC

Modified:

2004-07-15 12:44 UTC

Votes:	5
Avg. Score:	4.8 ± 0.4
Reproduced:	4 of 4 (100.0%)
Same Version:	1 (25.0%)
Same OS:	3 (75.0%)

From:

mastabog at hotmail dot com

Assigned:

Status:

Not a bug

Package:

Scripting Engine problem

PHP Version:

5CVS-2004-04-20 (dev)

OS:

Win32, Linux and on all tested

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	mastabog at hotmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2004-04-20 21:12 UTC] mastabog at hotmail dot com

Description:
------------
I posted this as a comment to an existing bug report (after it has been suspended). The bug report is 4 months old and can be found here: http://bugs.php.net/bug.php?id=26737

Everything written there (including the last comment which is mine) is still true, unfortunately.

That bug existed since my first attempt to use __sleep() in PHP5 (approx 1 year ago) and persisted since (i alway use the daily php5-cvs version)

Here is a summary (though I suggest you take a look at the original bug at the link above).

__sleep() serialization does not work unless you do this: You not only have to enclose the class name with null characters. As far as I've seen you have to enclose with
null chars *ALL* Php5 serialization identifiers of class properties types, the ones I figured out to be for now. The string that needs to be enclosed in null chars is (let x be the property name):

1. class name, if x is 'private' (i.e. "\0" . __CLASS__ . "\0x")
2. *, if x is 'protected' (i.e. "\0*\0x")
3. Null, if x is 'public' => (i.e. "x")

Here's what I mean (this is how it should be done in order to work ... meaning to avoid/workaround this bug):

<?php

class aTest
{
  public $a = 'one';
  protected $b = 'two';
  private $c = 'three';
  private $d = 'something you dont wanna save';

  function __sleep()
  {
    return array("a",
                 "\0*\0b",
                 "\0aTest\0c");
    // or
    // return array("a",
    //              "\0*\0b",
    //              "\0" . __CLASS__ . "\0c");
  }
}

?>

Anything else in the return array of __sleep() and the property will
come up empty after unserialization ... not nice.

My hope is that this *is* a bug, because forming those strings with null chars is just, well, ugly and inconsistent.

Reproduce code:
---------------
<?php

class aTest
{
  public $a = 'one';
  protected $b = 'two';
  private $c = 'three';
  private $d = 'something you dont wanna save';

  function __sleep()
  {
    return array("a",
                 "\0*\0b",
                 "\0aTest\0c");
  }

  // This is how it should be, IMHO (php4 style)
  //function __sleep()
  //{
  //  return array("a", "b", "c");
  //}

}

?>


Expected result:
----------------
With the 2nd __sleep() uncommented you should get the normal serialized properties of the object. Instead, every private/protected members come up emtpy.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-07-15 12:44 UTC] magnus@php.net

Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. 

Thank you for your interest in PHP.

See bug #26737

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 27 20:01:29 2024 UTC