php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #35281 Session extension does not respect visibility of __sleep()
Submitted: 2005-11-18 19:08 UTC Modified: 2005-11-26 01:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: mike at naberezny dot com Assigned:
Status: No Feedback Package: Class/Object related
PHP Version: 5.0.5 OS: Windows XP
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: mike at naberezny dot com
New email:
PHP Version: OS:

 

 [2005-11-18 19:08 UTC] mike at naberezny dot com
Description:
------------
The session extension does not respect the visibility of the __sleep() method.  If __sleep() is protected or private, calling serialize() will raise a fatal error.  However, the session extension will still serialize it.

Reproduce code:
---------------
<?php
class Foo { protected function __sleep() {} }

$_SESSION['foo'] = new Foo();
var_dump($_SESSION['foo']);
?>

Expected result:
----------------
"Fatal error:  Call to protected method Foo::__sleep() from context..." at the time of assignment.

Actual result:
--------------
object(Foo)#1 (0) {
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-11-18 19:25 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2005-11-18 20:29 UTC] mike at naberezny dot com
The result is the same using the latest Win32 build from snaps.

C:\php5.1>php -n -v
PHP 5.1.0RC7-dev (cli) (built: Nov 18 2005 16:36:58)
Copyright (c) 1997-2005 The PHP Group
Zend Engine v2.1.0-dev, Copyright (c) 1998-2005 Zend Technologies

C:\php5.1>php -n -r "class Foo { protected function __sleep() {} } $_SESSION['foo'] = new Foo(); var_dump($_SESSION['foo']);"

object(Foo)#1 (0) {
}
 [2005-11-18 20:37 UTC] tony2001@php.net
That's interesting, because I get the following:

object(Foo)#1 (0) {
}

Fatal error: Call to protected method Foo::__sleep() from context '' in Unknown on line 0

Please check your display_errors and error_reporting settings.
 [2005-11-26 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2007-05-06 18:11 UTC] woociek at zwm dot punkt dot pl
I get these 2 error when trying to extend my session:

Fatal error: Call to private method UserSession::session_write() from context '' in Unknown on line 0

Fatal error: Call to private method UserSession::session_close() from context '' in Unknown on line 0

This is how it looks (function is called in UserSession cnstructor):

session_set_save_handler(
            array(&$this, 'session_open'),
            array(&$this, 'session_close'),
            array(&$this, 'session_read'),
            array(&$this, 'session_write'),
            array(&$this, 'session_destroy'),
            array(&$this, 'session_gc')
        );

All UserSession methods are PRIVATE and only write and close raises FATAL ERROR ... 

Changing visibility to public solves the problem... and I don't know why ...
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Oct 07 04:01:27 2024 UTC