Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:81939
Return-Path: <rowan.collins@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 17680 invoked from network); 5 Feb 2015 15:51:26 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 5 Feb 2015 15:51:26 -0000
Authentication-Results: pb1.pair.com smtp.mail=rowan.collins@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=rowan.collins@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.212.177 as permitted sender)
X-PHP-List-Original-Sender: rowan.collins@gmail.com
X-Host-Fingerprint: 209.85.212.177 mail-wi0-f177.google.com  
Received: from [209.85.212.177] ([209.85.212.177:33509] helo=mail-wi0-f177.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 0B/D1-27691-D7193D45 for <internals@lists.php.net>; Thu, 05 Feb 2015 10:51:26 -0500
Received: by mail-wi0-f177.google.com with SMTP id r20so11467570wiv.4
        for <internals@lists.php.net>; Thu, 05 Feb 2015 07:51:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:content-type;
        bh=VP4JpRX1QKYXd68+jtn1KR9zjAFI/lpXouGnOsF4ihU=;
        b=uFo9vcSM5Wyb6xk1qm/oeQpQRLOvhblD4H/2ZjtIIMqKO8t3cMCQcJC19yYPJ4kS11
         ExOPS28dOWygPY6GZHuXurXdHLRbqK0D2djGV8uUc7sMBwjdlh1yG+jtCHt7+96FYToy
         Po41TOalctbQ/N3i6W73zlbfGHBspp0w3926n7hLN6G2nQ/n2CG0XT/nCsAjCxe8VQgY
         A5DhjYNJK3SEFdJ4b8WyPT6bjHLoIj/uzpVsdNLSBtAy8P7wllUJqW5y8avZi7W2bQKv
         lKKKpUguVTuSyrlBiMe2Q4pR0xIRAp7VJfQKHgMIOM6an3xrpCidUQDgCvZf/E98Ffog
         XKjQ==
X-Received: by 10.180.211.83 with SMTP id na19mr16749877wic.29.1423151481414;
        Thu, 05 Feb 2015 07:51:21 -0800 (PST)
Received: from [192.168.0.172] ([62.189.198.114])
        by mx.google.com with ESMTPSA id q10sm7890003wjr.41.2015.02.05.07.51.20
        for <internals@lists.php.net>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 05 Feb 2015 07:51:20 -0800 (PST)
Message-ID: <54D3916F.3020606@gmail.com>
Date: Thu, 05 Feb 2015 15:51:11 +0000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: PHP Internals <internals@lists.php.net>
References: <CA+sv8zC==OeU9nnzxM=65A24fV+WiTdhbJgqLg-u=wVhGtL9Zw@mail.gmail.com>	<CA+sv8zB=c5j8iZDv9mocXfkUF57U+pUJxTGyMg9mj7FAuTKyjg@mail.gmail.com>	<54D384EC.90305@gmail.com> <CA+sv8zD1_g594eM00_iY_FC4_1yAL+CXBB5hxo2shNN2wwOnRQ@mail.gmail.com>
In-Reply-To: <CA+sv8zD1_g594eM00_iY_FC4_1yAL+CXBB5hxo2shNN2wwOnRQ@mail.gmail.com>
Content-Type: multipart/alternative;
 boundary="------------010000060505020909030009"
Subject: Re: [PHP-DEV] Re: Serialize generating corrupted data
From: rowan.collins@gmail.com (Rowan Collins)

--------------010000060505020909030009
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit


> On Thu, Feb 5, 2015 at 9:57 AM, Rowan Collins <rowan.collins@gmail.com 
> <mailto:rowan.collins@gmail.com>> wrote:
>
>     Playing around with existing behaviour, if you return something
>     other than an array, you get a Notice and a serialized null ('N;')
>     - e.g. http://3v4l.org/rm9rs
>
>     I think it would be reasonable for the same to happen if the array
>     contains something other than a string, particularly given that
>     the message would still describe the fix quite readily ( "__sleep
>     should return an array only containing the names of
>     instance-variables to serialize").
>
>     Personally, I'd have made this a Warning rather than a Notice,
>     since it's clearly discarding data, but it should be consistent
>     either way.
>

Juan Basso wrote on 05/02/2015 15:20:
> Rowan,
>
> It is happening and giving the same message, but the problem is the 
> generate value is corrupted because it generates N; without the key. 
> Ie, when you have a valid field and an invalid field it 
> generates O:1:"C":2:{s:1:"a";b:1;N;} (note that "a" is the property 
> name, 1 is the boolean value and after that it is just null without 
> the key, causing the unserialize to not be able to parse it).
>
> If you try to unserialize it gives you the notice "unserialize(): 
> Error at offset 25 of 26 bytes in XXX".

Yes, I understand the problem. What I'm saying is that if you return, 
say, a string, the result is a validly serialized Null *for the whole 
object*.

So:
class A { public function __sleep() { return 'bad value'; } }
var_dump( serialize(new A) );
// Result: string(2) "N;"

I'm suggesting the same behaviour for the currently broken case, so:

class B { public function __sleep() { return ['a', 42]; } }
var_dump( serialize(new B) );
// Current PHP, invalid: string(24) "O:1:"B":2:{s:1:"a";N;N;}"
// Suggested, consistent with other error cases: string(2) "N;"

Interestingly, HHVM generates string(29) "O:1:"B":2:{s:1:"a";N;i:42;N;}" 
and will convert the integer key to a string when it is *unserialized*. 
Adopting this as standard would be another option, I guess. See 
http://3v4l.org/S8lRA

PS I fixed your top posting, because I know people don't like it. :)

Regards,
-- 
Rowan Collins
[IMSoP]

--------------010000060505020909030009--