php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70719 ReflectionParameter + serialize()
Submitted: 2015-10-15 12:21 UTC Modified: 2018-09-29 12:51 UTC
From: andreas at dqxtech dot net Assigned:
Status: Duplicate Package: Reflection related
PHP Version: irrelevant OS: Linux
Private report: No CVE-ID: None
 [2015-10-15 12:21 UTC] andreas at dqxtech dot net
Description:
------------
Trying to serialize a ReflectionMethod object raises a warning.
Trying to serialize and unserialize a ReflectionParameter is ok, but then ::isOptional() on the unserialized reflection parameter causes a fatal error.

https://3v4l.org/t1bCc

Fatal error: ReflectionParameter::isOptional(): Internal error: Failed to retrieve the reflection object

The minimum fix (without major behavior change) would be to make the error message more meaningful, and mention that the reflection parameter was unserialized. Instead of "Failed to retrieve reflection object" it could say "Cannot call ::isOptional() on an unserialized ReflectionParameter object."

Preferable would be to implement a more consistent behavior, so one of the following options:

1. Fully support serialization for reflection objects. Unserializing might possibly trigger autoload, so the class or function can be parsed again (*). Objects referenced from the reflection objects would be serialized too.

2. Support serialization for reflection objects that do not depend on instances. E.g. for classes, static methods and functions, but not for ReflectionObject and things depending on it.

3. Refuse to serialize any reflection objects, including ReflectionParameter.

(*) We need to consider the case where code changes between serialization and unserialization.. But this is a known problem with serialization, and not specific to reflection objects.

Test script:
---------------
<?php

class C {
    static function foo($x = null) {}
}

$reflMethod = new ReflectionMethod('C', 'foo');
$reflParam = $reflMethod->getParameters()[0];

// Warning: Attempted to serialize unserializable builtin class ReflectionMethod
$serReflMethod = serialize($reflMethod);

// No warning.
$serReflParam = serialize($reflParam);
$unserReflParam = unserialize($serReflParam);

// Fatal error: ReflectionParameter::isOptional(): Internal error: Failed to retrieve the reflection object
$unserReflParam->isOptional();


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-10-15 13:16 UTC] ab@php.net
-PHP Version: 7.0.0RC5 +PHP Version: irrelevant
 [2015-10-15 13:18 UTC] ab@php.net
-Status: Open +Status: Verified
 [2018-09-29 12:51 UTC] nikic@php.net
-Status: Verified +Status: Duplicate
 [2018-09-29 12:51 UTC] nikic@php.net
Closing as a duplicate of bug #76737. Serialization of reflection objects is now explicitly denied and will generate an exception.
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Fri Nov 16 03:01:26 2018 UTC