|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #28359 serialize() combined with references and objects modifies $this
Submitted: 2004-05-11 14:23 UTC Modified: 2004-07-05 12:30 UTC
Avg. Score:3.5 ± 0.5
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: mira at st dot jyu dot fi Assigned:
Status: Wont fix Package: Class/Object related
PHP Version: 4.3.4 OS: Linux Mandrake 10.0
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: mira at st dot jyu dot fi
New email:
PHP Version: OS:


 [2004-05-11 14:23 UTC] mira at st dot jyu dot fi
See the attached script. The problem is reproduceable with PHP 4.3.4 on Apache 2.0.48 (Apache and PHP versions that are distributed with Mandrake 10.0).

The problem seems to be caused by method setX(). If I replace that method with
	function setX($x) {
		return $this->x = $x;
	function &setX($x) {
		$this->x = $x;
		return $this->x;
I get the expected end result. [Note that the former doesn't return the reference so it isn't equivalent to original code.]

Also note that if I remove the first echo, the result of the second echo is different so it seems that serialize($this) is modifying $this. It might be that object's internal represenation is already trashed, though.

Reproduce code:
class foo
	function test() {
		echo "this = ".serialize($this)."\n";
		echo "this->getX() = ".serialize($this->getX())."\n";
	function &setX($x) {
		return $this->x = $x;
	function &getX() {
		return $this->x;
$foo =& new foo();

Expected result:
this = O:3:"foo":1:{s:1:"x";s:2:"28";}
this->getX() = s:2:"28";

Actual result:
this = O:3:"foo":1:{s:1:"x";O:3:"foo":1:{s:1:"x";N;}}
this->getX() = O:3:"foo":1:{s:1:"x";O:3:"foo":1:{s:1:"x";R:2;}}


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-07-05 11:21 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

 [2004-07-05 11:25 UTC]
I mistook this as a PHP5 problem.
This issue has been addressed in PHP5.

You don't return a scalar value that is not a variable 
as reference.

function &foo() {
  return $a;

function &bar() {
  return $a = %b;

function &baz() {
  return @$a;

 [2004-07-05 12:30 UTC] mira at st dot jyu dot fi
I'm totally happy if constructs like
function &setX($x) {
  return $this->x = $x; }
are not allowed but then the compiler should complain. The thing is, 4.3.x returns more or less random results if one does this. If the above is not meant to be equivalent to
function &setX($x) {
  $this->x = $x; $a =& $this->x; return $a; }
then the compiler should say so. Surely, returning a reference to a member isn't disallowed? I've seen PHP to crash in more complex scenarios because of this.

If PHP 4.x is still supported, this should be fixed (compiler should report parse error OR returned value should make some sense). The trigger seems to be modifying a member value and returning a reference to it in the same statement.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Fri Jun 09 12:03:39 2023 UTC