Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:13459
Return-Path: <php@hristov.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 79058 invoked by uid 1010); 22 Oct 2004 13:31:25 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 76638 invoked from network); 22 Oct 2004 13:30:28 -0000
Received: from unknown (HELO iko.gotobg.net) (80.168.8.116)
  by pb1.pair.com with SMTP; 22 Oct 2004 13:30:28 -0000
Received: from pd9e61e32.dip.t-dialin.net ([217.230.30.50] helo=[192.168.0.36])
	by iko.gotobg.net with esmtpa (Exim 4.43)
	id 1CL0P1-00057y-IS; Fri, 22 Oct 2004 17:28:23 +0300
Message-ID: <41790AE6.7080908@hristov.com>
Date: Fri, 22 Oct 2004 15:28:06 +0200
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a4) Gecko/20040918
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Francisco M. Marzoa Alonso" <fmmarzoa@gmx.net>
CC:  internals@lists.php.net
References: <417905D9.4010205@gmx.net>
In-Reply-To: <417905D9.4010205@gmx.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - iko.gotobg.net
X-AntiAbuse: Original Domain - lists.php.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - hristov.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Subject: Re: [PHP-DEV] [PHP] Serializing objects with protected members
From: php@hristov.com (Andrey Hristov)

  Hi,
Francisco M. Marzoa Alonso wrote:
> Hi,
> 
> I'm trying to wrote my own serialization routines and I've found a
> previsible problem: protected members are not visible to my
> serialization routine. This is ok and it should be as is, but I've seen
> that PHP's serialize function have access to that members anyway, so the
> question is: Is there any kind of hack that I can use to access those
> variables from my own serialization routine?
> 
> Thx. a lot in advance,
> 
> P.S. I've sent this message before to php general list, but I think its 
> a more "internal" issue.
> 

Are you writing your routines in PHP or in C? C code can access protected
variables easily since the Zend Engine exposes an API function to unmangle
them (they are stored in the properties hash mangled - public properties are
stored unmangled). Now I realize that it can be a  problem for users
having their session written in DB and writing their session handler in PHP
since they cannot access private and protected member variables and they serialize
by using serialize() over the session data passed to the write() routine.
There is a hack to access private data of an object.
<?php
class f{
    private $priv=1;
    protected $prot=2;
    public $pub=3;
}
$f=new f();
var_dump($b=array_keys((array)$f));
var_dump($f);
}
?>
array(3) {
   [0]=>
   string(7) "fpriv"
   [1]=>
   string(7) "*prot"
   [2]=>
   string(3) "pub"
}
object(f)#1 (3) {
   ["priv:private"]=>
   int(1)
   ["prot:protected"]=>
   int(2)
   ["pub"]=>
   int(3)
}

One can use either arrays to get access to hidden data.
The second hash is easier to use. The elements in the first
one are just like they are stored in the memory. Private
and protected members have hash keys starting with \0 (ord(0))
If the second byte is * then it is a protected member, otherwise
the name of the class where the private property was defined is
next and after the name \0 comes again. If it is a protected
member after the * there is also a \0 byte. To the end is the
name of the property.

HTH,
Andrey