PHP :: Bug #35281 :: Session extension does not respect visibility of _

Bug #35281

Session extension does not respect visibility of __sleep()

Submitted:

2005-11-18 19:08 UTC

Modified:

2005-11-26 01:00 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (100.0%)

From:

mike at naberezny dot com

Assigned:

Status:

No Feedback

Package:

Class/Object related

PHP Version:

5.0.5

OS:

Windows XP

Private report:

CVE-ID:

None

View Developer Edit

[2005-11-18 19:08 UTC] mike at naberezny dot com

Description:
------------
The session extension does not respect the visibility of the __sleep() method.  If __sleep() is protected or private, calling serialize() will raise a fatal error.  However, the session extension will still serialize it.

Reproduce code:
---------------
<?php
class Foo { protected function __sleep() {} }

$_SESSION['foo'] = new Foo();
var_dump($_SESSION['foo']);
?>

Expected result:
----------------
"Fatal error:  Call to protected method Foo::__sleep() from context..." at the time of assignment.

Actual result:
--------------
object(Foo)#1 (0) {
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-11-18 19:25 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

[2005-11-18 20:29 UTC] mike at naberezny dot com

The result is the same using the latest Win32 build from snaps.

C:\php5.1>php -n -v
PHP 5.1.0RC7-dev (cli) (built: Nov 18 2005 16:36:58)
Copyright (c) 1997-2005 The PHP Group
Zend Engine v2.1.0-dev, Copyright (c) 1998-2005 Zend Technologies

C:\php5.1>php -n -r "class Foo { protected function __sleep() {} } $_SESSION['foo'] = new Foo(); var_dump($_SESSION['foo']);"

object(Foo)#1 (0) {
}

[2005-11-18 20:37 UTC] tony2001@php.net

That's interesting, because I get the following:

object(Foo)#1 (0) {
}

Fatal error: Call to protected method Foo::__sleep() from context '' in Unknown on line 0

Please check your display_errors and error_reporting settings.

[2005-11-26 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[2007-05-06 18:11 UTC] woociek at zwm dot punkt dot pl

I get these 2 error when trying to extend my session:

Fatal error: Call to private method UserSession::session_write() from context '' in Unknown on line 0

Fatal error: Call to private method UserSession::session_close() from context '' in Unknown on line 0

This is how it looks (function is called in UserSession cnstructor):

session_set_save_handler(
            array(&$this, 'session_open'),
            array(&$this, 'session_close'),
            array(&$this, 'session_read'),
            array(&$this, 'session_write'),
            array(&$this, 'session_destroy'),
            array(&$this, 'session_gc')
        );

All UserSession methods are PRIVATE and only write and close raises FATAL ERROR ... 

Changing visibility to public solves the problem... and I don't know why ...

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Nov 15 12:00:01 2025 UTC