php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45706 Serializing of ArrayIterator extended Objects
Submitted: 2008-08-04 12:20 UTC Modified: 2008-08-31 23:13 UTC
From: bobka at bigfoot dot com Assigned: colder
Status: Closed Package: SPL related
PHP Version: 5.2.6 OS: Linux
Private report: No CVE-ID:
 [2008-08-04 12:20 UTC] bobka at bigfoot dot com
Description:
------------
This is a very special case.

If an object of class that extends ArrayIterator is saved in session data and the class definition is not available in a later call, then the session data gets corrupted.

Call the example code three times to see the bug.

Reproduce code:
---------------
<?php
// start session
session_start();

// display session data
echo "<pre>".print_r($_SESSION,true)."</pre><br>";

// already initialized?
if (!isset($_SESSION['first']))
{
  // bug occures only if the class is not defined later
  // and only if it extends ArrayIterator
  class my_array extends ArrayIterator
  {
  }

  $_SESSION['first'] = "The first entry is ok";

  $t = new my_array();
  
  // at least one member needed
  $t[] = "this gets lost";

  $_SESSION['killer'] = $t;

  $_SESSION['this_is_going_to_be_messed_up'] = "The value of the entry is ok";

  $_SESSION['last'] = "The last entry is ok";
}


Expected result:
----------------
At first call:
Array
(
)

At second call:
Array
(
    [first] => The first entry is ok
    [killer] => __PHP_Incomplete_Class Object
        (
            [__PHP_Incomplete_Class_Name] => my_array
            [0] => this gets lost
        )

    [this_is_going_to_be_messed_up] => The value of the entry is ok
    [last] => The last entry is ok
)

At third call
Array
(
    [first] => The first entry is ok
    [killer] => __PHP_Incomplete_Class Object
        (
            [__PHP_Incomplete_Class_Name] => my_array
            [0] => this gets lost
        )

    [this_is_going_to_be_messed_up] => The value of the entry is ok
    [last] => The last entry is ok
)


Actual result:
--------------
At third call:

Notice: session_start() [function.session-start]: Unexpected end of serialized data in test.php on line 3

Array
(
    [first] => The first entry is ok
    [killer] => 
    [}this_is_going_to_be_messed_up] => The value of the entry is ok
    [last] => The last entry is ok
)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-08-04 12:51 UTC] jani@php.net
The class has to be defined before session_start() call.
Documentation for session seems to lack this little note..
 [2008-08-06 08:38 UTC] bobka at bigfoot dot com
To define the class before session_start is the usual case. But if two applications use the same session data, where one part of session data is shared between applications and other are used exclusively, you don't have to include *all* class definitions in each application. In this case the part of session data, that is not defined, should be preserved and not corrupted, shouldn't it?
 [2008-08-06 08:45 UTC] bobka at bigfoot dot com
The bug is somewhere in "php" or "php_bin" serialize_handler that is used to serialize _SESSION
 [2008-08-06 16:46 UTC] jani@php.net
Does this happen only with the ArrayIterator?
 [2008-08-06 16:51 UTC] bobka at bigfoot dot com
Yes, it happens only with classes that extend ArrayIterator
 [2008-08-29 15:01 UTC] dmitry@php.net
Fixed in CVS HEAD and PHP_5_3.
 [2008-08-31 23:13 UTC] colder@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

thanks Dmitry!
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 21:01:56 2014 UTC