php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #43852 serialize() uses \0 in its output
Submitted: 2008-01-15 08:52 UTC Modified: 2008-01-21 13:21 UTC
From: lapo at lapo dot it Assigned:
Status: Not a bug Package: Strings related
PHP Version: 5.2.5 OS: *
Private report: No CVE-ID: None
 [2008-01-15 08:52 UTC] lapo at lapo dot it
Description:
------------
It seems that bug #29865 is back: in release 5.2.5 serialize() uses "ASCII 0" to serialize private property names.

Reproduce code:
---------------
% php -r 'class A { private $t;} echo serialize(new A());'|hexdump -C

Expected result:
----------------
00000000  4f 3a 31 3a 22 41 22 3a  31 3a 7b 73 3a 34 3a 22  |O:1:"A":1:{s:4:"|
00000010  ** 41 ** 74 22 3b 4e 3b  7d                       |.A.t";N;}|

Actual result:
--------------
00000000  4f 3a 31 3a 22 41 22 3a  31 3a 7b 73 3a 34 3a 22  |O:1:"A":1:{s:4:"|
00000010  00 41 00 74 22 3b 4e 3b  7d                       |.A.t";N;}|

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-01-15 11:09 UTC] lapo at lapo dot it
On the other hand, (since 5.0.0) there is a testcase that specifically checks that the output *does indeed* use zero bytes in private&protected methods (tests/classes/bug26737.phpt).

If that testcase always succeded, I wonder how version 5.0.5 could possibly have solved the problem outlined in bug #29865 (that is, the fact that "\0" is used by serialize, the same as this bug does).
 [2008-01-21 13:21 UTC] tony2001@php.net
That's the way private/protected properties are serialized, no bug here.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Dec 09 18:01:24 2019 UTC