php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69761 Serialization of anonymous classes should be prevented
Submitted: 2015-06-05 17:19 UTC Modified: 2015-06-06 01:56 UTC
From: mhujer at gmail dot com Assigned: krakjoe (profile)
Status: Closed Package: *General Issues
PHP Version: master-Git-2015-06-05 (snap) OS: Windows 8/Linux
Private report: No CVE-ID: None
 [2015-06-05 17:19 UTC] mhujer at gmail dot com
Description:
------------
According to the Anonymous classes RFC (https://wiki.php.net/rfc/anonymous_classes), it should not be possible to serialize them ("Serialization is not supported, and will error just as anonymous functions do.").

But it is possible to serialize them in latest snapshot (Windows) or in 3v4l.org http://3v4l.org/tIEp7 - but the unserialization fails.

When I try to serialize Closure, exception with "Serialization of 'Closure' is not allowed" is thrown.

Test script:
---------------
<?php
$instance = new class('foo') {
    public function __construct($i) {
        var_dump($i);
    }
};
var_dump($instance);
var_dump(serialize($instance));
var_dump(unserialize(serialize($instance)));

$a = function ($a) {};
var_dump($a);
var_dump(serialize($a));
var_dump(unserialize(serialize($a)));



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-06-06 01:56 UTC] laruence@php.net
-Assigned To: +Assigned To: krakjoe
 [2015-06-13 02:54 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d96dda8d49711303d14471ac59ba929892bc532a
Log: Fixed Bug #69761 (Serialization of anonymous classes should be prevented)
 [2015-06-13 02:54 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2015-06-23 18:04 UTC] ab@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d96dda8d49711303d14471ac59ba929892bc532a
Log: Fixed Bug #69761 (Serialization of anonymous classes should be prevented)
 [2016-07-20 11:38 UTC] davey@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d96dda8d49711303d14471ac59ba929892bc532a
Log: Fixed Bug #69761 (Serialization of anonymous classes should be prevented)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Oct 16 05:01:27 2024 UTC