Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:81936
Return-Path: <jrbasso@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 12096 invoked from network); 5 Feb 2015 15:20:32 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 5 Feb 2015 15:20:32 -0000
Authentication-Results: pb1.pair.com header.from=jrbasso@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=jrbasso@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.172 as permitted sender)
X-PHP-List-Original-Sender: jrbasso@gmail.com
X-Host-Fingerprint: 209.85.213.172 mail-ig0-f172.google.com  
Received: from [209.85.213.172] ([209.85.213.172:35541] helo=mail-ig0-f172.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 66/C0-27691-E3A83D45 for <internals@lists.php.net>; Thu, 05 Feb 2015 10:20:31 -0500
Received: by mail-ig0-f172.google.com with SMTP id l13so43689725iga.5
        for <internals@lists.php.net>; Thu, 05 Feb 2015 07:20:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=ArEBmN4/SHbANtnHrrDFzq0X3kG1A8HSJhWggez+wJ0=;
        b=G+KLifj7QI5TAbm4Qq5SuuWoJX6eHkHZeeT3rrJiZvwm5WPFuwnOkZ0R9b75WfY9bM
         KYFmCNC6vxUzsy2N3Aaj1SMruze0dIrf8bObxtg1Pp2tRU4ebMQKYQaFTY7EC558M6VO
         Q/Qsf7oKlj1ZRyKRv/qspBfF3hfu5uHbh+VufYheMfySTOx+XLIBdKMGqIuXvy6xtZ6g
         G/v/+TIso8a4QqZwX9LfA6HgFXiQEOzNZjHcc3bjNuqlAUu+QIbbCZwO4RW+u5rZDox1
         AczAhYqeiw5rxyVoYHD6cjLrGhpwTX0g1gWk/JEdTPsz4fTG28XhEq3HzCssaD6hw11e
         l9fQ==
MIME-Version: 1.0
X-Received: by 10.43.126.67 with SMTP id gv3mr7906311icc.31.1423149628284;
 Thu, 05 Feb 2015 07:20:28 -0800 (PST)
Received: by 10.64.25.114 with HTTP; Thu, 5 Feb 2015 07:20:28 -0800 (PST)
In-Reply-To: <54D384EC.90305@gmail.com>
References: <CA+sv8zC==OeU9nnzxM=65A24fV+WiTdhbJgqLg-u=wVhGtL9Zw@mail.gmail.com>
	<CA+sv8zB=c5j8iZDv9mocXfkUF57U+pUJxTGyMg9mj7FAuTKyjg@mail.gmail.com>
	<54D384EC.90305@gmail.com>
Date: Thu, 5 Feb 2015 10:20:28 -0500
Message-ID: <CA+sv8zD1_g594eM00_iY_FC4_1yAL+CXBB5hxo2shNN2wwOnRQ@mail.gmail.com>
To: Rowan Collins <rowan.collins@gmail.com>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=bcaec51824a80e63c4050e58d8e9
Subject: Re: [PHP-DEV] Re: Serialize generating corrupted data
From: jrbasso@gmail.com (Juan Basso)

--bcaec51824a80e63c4050e58d8e9
Content-Type: text/plain; charset=UTF-8

Rowan,

It is happening and giving the same message, but the problem is the
generate value is corrupted because it generates N; without the key. Ie,
when you have a valid field and an invalid field it
generates O:1:"C":2:{s:1:"a";b:1;N;} (note that "a" is the property name, 1
is the boolean value and after that it is just null without the key,
causing the unserialize to not be able to parse it).

If you try to unserialize it gives you the notice "unserialize(): Error at
offset 25 of 26 bytes in XXX".

On Thu, Feb 5, 2015 at 9:57 AM, Rowan Collins <rowan.collins@gmail.com>
wrote:

> Juan Basso wrote on 05/02/2015 14:07:
>
>  No one?
>>
>> On Mon, Feb 2, 2015 at 8:57 PM, Juan Basso <jrbasso@gmail.com> wrote:
>>
>>  Hi,
>>>
>>> I was testing few things today and I released one bug in the serialize
>>> function. The serialize function returns a corrupted value when it is
>>> serializing an object that contains a __sleep magic method and this
>>> method
>>> return some key that are not string. Ie:
>>>
>>> http://viper-7.com/EK16EV
>>>
>>> If the __sleep returns a string that is not a property it is fine, it
>>> will
>>> give the notice and the generated response is a valid serialized data (in
>>> another words you can use unserialize to retrieve the object back). Ie,
>>> http://viper-7.com/H9ooff
>>>
>>> I can try to make a patch to solve it, but before that I would like how
>>> the behavior should be. Some options:
>>> 1) Give the notice saying the field doesn't exist and do not include on
>>> the serialized response
>>> 2) Give the notice saying the field doesn't exist and convert the value
>>> to
>>> string (ie, on my example the int(1) would be transformed to string(1))
>>> 3) Give a warning and return false once the input from __sleep is invalid
>>> 4) None of the above alternative
>>> 5) Don't change it
>>>
>>>
> Playing around with existing behaviour, if you return something other than
> an array, you get a Notice and a serialized null ('N;') - e.g.
> http://3v4l.org/rm9rs
>
> I think it would be reasonable for the same to happen if the array
> contains something other than a string, particularly given that the message
> would still describe the fix quite readily ( "__sleep should return an
> array only containing the names of instance-variables to serialize").
>
> Personally, I'd have made this a Warning rather than a Notice, since it's
> clearly discarding data, but it should be consistent either way.
>
> Regards,
> --
> Rowan Collins
> [IMSoP]
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--bcaec51824a80e63c4050e58d8e9--