php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #37578 unserialize_callback_func in htaccess has no effect
Submitted: 2006-05-24 13:32 UTC Modified: 2006-05-24 15:30 UTC
From: tacker@php.net Assigned:
Status: Not a bug Package: Class/Object related
PHP Version: 5.1.4 OS: Gentoo Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: tacker@php.net
New email:
PHP Version: OS:

 

 [2006-05-24 13:32 UTC] tacker@php.net 
Description:
------------
Using unserialize_callback_func in a htaccess has no effect. The required classes do not get loaded.

Reproduce code:
---------------
** .htacces
php_value unserialize_callback_func "myCallBack"
php_flag session.auto_start On

** index.php
<?php

    function __autoload($class)
    {
        require_once './' . $class . '.php';
    }

    function myCallBack($class)
    {
        __autoload($class);
    }

    if (isset($_GET['kill'])) {
        session_destroy();
        session_start();
    }

    echo '<pre>';
    echo 'unserialize_callback_func: ' . ini_get('unserialize_callback_func') . "\n";

    echo '$_SESSION: ' . "\n";
    print_r($_SESSION);

    if (!isset($_SESSION['test'])) {
        $_SESSION['test'] = new MyClass;
        echo 'Created a ' . get_class($_SESSION['test']) . "\n";
        echo '$_SESSION: ' . "\n";
        print_r($_SESSION);
    }

    echo '<p><a href="?kill=true">Kill session</a></p>';
    echo '<p><a href="' . $_SERVER['PHP_SELF'] . '">Reload</a></p>';
    echo '</pre>';

?>

** MyClass.php
<?php

    class MyClass
    {
        public $test = 'TestValue';
    }

?>

Expected result:
----------------
During unserialization myCallBack should be called and a complete MyClass object should exist.

$_SESSION = Array
(
    [test] => MyClass Object
        (
            [test] => TestValue
        )

)

Actual result:
--------------
$_SESSION = Array
(
    [test] => __PHP_Incomplete_Class Object
        (
            [__PHP_Incomplete_Class_Name] => MyClass
            [test] => TestValue
        )

)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-24 13:43 UTC] mike@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

As you use session.auto_start and no script has been executed when the session starts PHP knows nothing about that callback.
 [2006-05-24 14:04 UTC] tacker@php.net 
Ok. But I don't understand why it shouldn't work in the future.

Why are objects in the session unserialized before the script has been parsed?

If I set unserialize_callback_func to a value in a htaccess then PHP knows about it and should call it.
 [2006-05-24 14:09 UTC] tacker@php.net 
The "test" can be downloaded here:
http://m.tacker.org/blog/wp-content/uploads/2006/05/bug_37578.tgz
 [2006-05-24 15:30 UTC] mike@php.net 
Speaking in PHP code you're actually doing:

session_start();
ini_set("unserialize_callback_func", "myCallback");

Anyway, this is a support question, not a bug.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 25 04:01:38 2024 UTC