Patch PR-1057.patch revision 2015-03-10 04:04 UTC by jrbasso at gmail dot com

Patch PR-1057.patch for *General Issues Bug #69210

Patch version 2015-03-10 04:04 UTC


Developer: jrbasso@gmail.com

From cbdeccd6edbd08b954f7f915d0d99a7e787f0fb6 Mon Sep 17 00:00:00 2001
From: Juan Basso <jrbasso@gmail.com>
Date: Thu, 5 Feb 2015 23:45:04 -0500
Subject: [PATCH 1/2] Fixed serialization of non string values on __sleep

Returning just N; (null) on the __sleep makes the number of fields/values incomplete and corrupts the value generated by serialize, making it impossible to unserialize.
---
 .../tests/serialize/serialization_objects_016.phpt | 51 ++++++++++++++++++++++
 ext/standard/var.c                                 |  5 +--
 2 files changed, 52 insertions(+), 4 deletions(-)
 create mode 100644 ext/standard/tests/serialize/serialization_objects_016.phpt

diff --git a/ext/standard/tests/serialize/serialization_objects_016.phpt b/ext/standard/tests/serialize/serialization_objects_016.phpt
new file mode 100644
index 0000000..e9b6bf2
--- /dev/null
+++ b/ext/standard/tests/serialize/serialization_objects_016.phpt
@@ -0,0 +1,51 @@
+--TEST--
+serialize() integrity with non string on __sleep
+--FILE--
+<?php
+class testString
+{
+	public $a = true;
+
+	public function __sleep()
+	{
+		return array('a', '1');
+	}
+}
+
+class testInteger
+{
+	public $a = true;
+
+	public function __sleep()
+	{
+		return array('a', 1);
+	}
+}
+
+$cs = new testString();
+$ci = new testInteger();
+
+$ss =  @serialize($cs);
+echo $ss . "\n";
+
+$si = @serialize($ci);
+echo $si . "\n";
+
+var_dump(unserialize($ss));
+var_dump(unserialize($si));
+?>
+--EXPECT--
+O:10:"testString":2:{s:1:"a";b:1;s:1:"1";N;}
+O:11:"testInteger":2:{s:1:"a";b:1;s:1:"1";N;}
+object(testString)#3 (2) {
+  ["a"]=>
+  bool(true)
+  ["1"]=>
+  NULL
+}
+object(testInteger)#3 (2) {
+  ["a"]=>
+  bool(true)
+  ["1"]=>
+  NULL
+}
\ No newline at end of file
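Review bot: Both `serialize()` calls are prefixed with `@`, so the test no longer shows that the E_NOTICE "__sleep should return an array only containing the names of instance-variables to serialize." is still raised for the integer entry in `testInteger`. Dropping the `@` on `$si = @serialize($ci);` and matching the notice under `--EXPECTF--` would pin that behaviour. The only non-string entry exercised is an integer; `null`, float, array and object entries in the `__sleep` array go through the same coercion in var.c and deserve a case each, since the array and object cases are the ones most likely to surprise. The same file content is re-added as bug69210.phpt in patch 2/2, so the point applies there as well.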
diff --git a/ext/standard/var.c b/ext/standard/var.c
index 1c5a000..ba8bf5d 100644
--- a/ext/standard/var.c
+++ b/ext/standard/var.c
@@ -705,10 +705,7 @@ static void php_var_serialize_class(smart_str *buf, zval *struc, zval *retval_pt
 
 			if (Z_TYPE_P(name) != IS_STRING) {
 				php_error_docref(NULL, E_NOTICE, "__sleep should return an array only containing the names of instance-variables to serialize.");
-				/* we should still add element even if it's not OK,
-				 * since we already wrote the length of the array before */
-				smart_str_appendl(buf,"N;", 2);
-				continue;
+				convert_to_string(name);
 			}
 			propers = Z_OBJPROP_P(struc);
 			if ((d = zend_hash_find(propers, Z_STR_P(name))) != NULL) {
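Review bot: `convert_to_string(name)` rewrites the element inside the array that `__sleep` returned, and that array may be shared with userland or be a literal the engine treats as read-only, so the coercion is safer done into a temporary, e.g. `zend_string *key = zval_get_string(name);` used for the lookups that follow and released with `zend_string_release(key);` at the end of the iteration. The conversion also changes what happens for entries that are neither strings nor integers: an array entry would be looked up under the name "Array" with an extra notice, and an object entry would run `__toString()` in the middle of serialization or raise an error when it has none. A comment stating which types are accepted, or a check that keeps rejecting non-scalar entries while still writing a well-formed name/value pair, would make that choice deliberate. The loop body and the rest of php_var_serialize_class lie outside the hunk, so the later uses of `name` could not be checked.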

From 6b7b5e777fc538ae6e62318587c3592ac37b7123 Mon Sep 17 00:00:00 2001
From: Juan Basso <jrbasso@gmail.com>
Date: Tue, 10 Mar 2015 00:01:26 -0400
Subject: [PATCH 2/2] Renamed test case to match with reported bug

---
 ext/standard/tests/serialize/bug69210.phpt         | 51 ++++++++++++++++++++++
 .../tests/serialize/serialization_objects_016.phpt | 51 ----------------------
 2 files changed, 51 insertions(+), 51 deletions(-)
 create mode 100644 ext/standard/tests/serialize/bug69210.phpt
 delete mode 100644 ext/standard/tests/serialize/serialization_objects_016.phpt

diff --git a/ext/standard/tests/serialize/bug69210.phpt b/ext/standard/tests/serialize/bug69210.phpt
new file mode 100644
index 0000000..e9b6bf2
--- /dev/null
+++ b/ext/standard/tests/serialize/bug69210.phpt
@@ -0,0 +1,51 @@
+--TEST--
+serialize() integrity with non string on __sleep
+--FILE--
+<?php
+class testString
+{
+	public $a = true;
+
+	public function __sleep()
+	{
+		return array('a', '1');
+	}
+}
+
+class testInteger
+{
+	public $a = true;
+
+	public function __sleep()
+	{
+		return array('a', 1);
+	}
+}
+
+$cs = new testString();
+$ci = new testInteger();
+
+$ss =  @serialize($cs);
+echo $ss . "\n";
+
+$si = @serialize($ci);
+echo $si . "\n";
+
+var_dump(unserialize($ss));
+var_dump(unserialize($si));
+?>
+--EXPECT--
+O:10:"testString":2:{s:1:"a";b:1;s:1:"1";N;}
+O:11:"testInteger":2:{s:1:"a";b:1;s:1:"1";N;}
+object(testString)#3 (2) {
+  ["a"]=>
+  bool(true)
+  ["1"]=>
+  NULL
+}
+object(testInteger)#3 (2) {
+  ["a"]=>
+  bool(true)
+  ["1"]=>
+  NULL
+}
\ No newline at end of file
diff --git a/ext/standard/tests/serialize/serialization_objects_016.phpt b/ext/standard/tests/serialize/serialization_objects_016.phpt
deleted file mode 100644
index e9b6bf2..0000000
--- a/ext/standard/tests/serialize/serialization_objects_016.phpt
+++ /dev/null
@@ -1,51 +0,0 @@
---TEST--
-serialize() integrity with non string on __sleep
---FILE--
-<?php
-class testString
-{
-	public $a = true;
-
-	public function __sleep()
-	{
-		return array('a', '1');
-	}
-}
-
-class testInteger
-{
-	public $a = true;
-
-	public function __sleep()
-	{
-		return array('a', 1);
-	}
-}
-
-$cs = new testString();
-$ci = new testInteger();
-
-$ss =  @serialize($cs);
-echo $ss . "\n";
-
-$si = @serialize($ci);
-echo $si . "\n";
-
-var_dump(unserialize($ss));
-var_dump(unserialize($si));
-?>
---EXPECT--
-O:10:"testString":2:{s:1:"a";b:1;s:1:"1";N;}
-O:11:"testInteger":2:{s:1:"a";b:1;s:1:"1";N;}
-object(testString)#3 (2) {
-  ["a"]=>
-  bool(true)
-  ["1"]=>
-  NULL
-}
-object(testInteger)#3 (2) {
-  ["a"]=>
-  bool(true)
-  ["1"]=>
-  NULL
-}
\ No newline at end of file
 