php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #43852 serialize() uses \0 in its output
Submitted: 2008-01-15 08:52 UTC Modified: 2008-01-21 13:21 UTC
From: lapo at lapo dot it Assigned:
Status: Not a bug Package: Strings related
PHP Version: 5.2.5 OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: lapo at lapo dot it
New email:
PHP Version: OS:

 

 [2008-01-15 08:52 UTC] lapo at lapo dot it
Description:
------------
It seems that bug #29865 is back: in release 5.2.5 serialize() uses "ASCII 0" to serialize private property names.

Reproduce code:
---------------
% php -r 'class A { private $t;} echo serialize(new A());'|hexdump -C

Expected result:
----------------
00000000  4f 3a 31 3a 22 41 22 3a  31 3a 7b 73 3a 34 3a 22  |O:1:"A":1:{s:4:"|
00000010  ** 41 ** 74 22 3b 4e 3b  7d                       |.A.t";N;}|

Actual result:
--------------
00000000  4f 3a 31 3a 22 41 22 3a  31 3a 7b 73 3a 34 3a 22  |O:1:"A":1:{s:4:"|
00000010  00 41 00 74 22 3b 4e 3b  7d                       |.A.t";N;}|

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-01-15 11:09 UTC] lapo at lapo dot it
On the other hand, (since 5.0.0) there is a testcase that specifically checks that the output *does indeed* use zero bytes in private&protected methods (tests/classes/bug26737.phpt).

If that testcase always succeded, I wonder how version 5.0.5 could possibly have solved the problem outlined in bug #29865 (that is, the fact that "\0" is used by serialize, the same as this bug does).
 [2008-01-21 13:21 UTC] tony2001@php.net
That's the way private/protected properties are serialized, no bug here.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 08 06:01:28 2024 UTC