php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #6348 serializing objects which use __sleep() can cripple the serialized return
Submitted: 2000-08-25 06:12 UTC Modified: 2000-12-11 07:59 UTC
From: bachi at insign dot ch Assigned:
Status: Closed Package: Class/Object related
PHP Version: 4.0.1pl2 OS: Linux
Private report: No CVE-ID: None
 [2000-08-25 06:12 UTC] bachi at insign dot ch
If you serialize an object that uses __sleep() to define which properties should be serialized, the serialized code will be crippled if a class property is defined (and returned by __sleep() to be serialized), but not yet used in the object.

The serialized code includes then the property name, but with no value, so that the structure is crippled and it is not possible to unserialize() it.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-12-11 06:15 UTC] stas@php.net
Does it still happen in latest version? If so, please
provide short reproducing script for this behaviour.
 [2000-12-11 07:59 UTC] thies@php.net
fixed in CVS & upcoming 4.0.4
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Dec 04 22:01:29 2024 UTC