Hello,
Resources cannot be serialized.
This is mentionned on https://www.php.net/manual/en/function.serialize.php ,
but one can easily miss it.
The information does not seem to appear on
https://www.php.net/manual/en/language.oop5.serialization.php and
https://www.php.net/manual/en/language.types.resource.php
And nowhere does it says what happens if you serialize an object with a
resource in a property.
Now most resources are replaced by classes in the recent versions of PHP.
Because of this, it is advised to replace tests like
(is_resource($object->res)) with ($object->res !== FALSE).
So, I tried to do this in my application with LDAP connections, which will be
objects in PHP 8.1.
And the application broke, because when unserializing from session an object
containting an LDAP connection, the property is set to int(0). So is_resource()
and !== FALSE will not have the same result.
I cannot find any documentation page mentionning that resources are turned into
int(0) upon serialization.
It seems to be consistent accross versions: https://3v4l.org/BHtAh
But what will happen when LDAP connections are turned into objects in 8.1? Will
they also become int(0) upon serialization or will they behave in an other way?
I could not find a case of resource that became an object and is allowed on
3v4l to test this. There is no LDAP or CURL in there.
Côme
Le Tue, 31 Aug 2021 15:56:42 +0200,
Côme Chilliet come.chilliet@fusiondirectory.org a écrit :
It seems to be consistent accross versions: https://3v4l.org/BHtAh
But what will happen when LDAP connections are turned into objects in 8.1?
Will they also become int(0) upon serialization or will they behave in an
other way? I could not find a case of resource that became an object and is
allowed on 3v4l to test this. There is no LDAP or CURL in there.
Quick followup on this, I found a case that can be tested on 3v4l:
https://3v4l.org/EKFP0
-> Fatal error: Uncaught Exception: Serialization of 'XMLParser' is not allowed
in /in/EKFP0:13
So it seems objects of this kind throw when serialized (I hope they all do
that). It is not clear to me how that behaves with session, will it throw as
soon as affected to $_SESSION, or at the end of the request?
https://www.php.net/manual/en/class.xmlparser.php -> does fully opaque implies
non serializable?
On Tue, Aug 31, 2021 at 4:16 PM Côme Chilliet <
come.chilliet@fusiondirectory.org> wrote:
Le Tue, 31 Aug 2021 15:56:42 +0200,
Côme Chilliet come.chilliet@fusiondirectory.org a écrit :It seems to be consistent accross versions: https://3v4l.org/BHtAh
But what will happen when LDAP connections are turned into objects in
8.1?
Will they also become int(0) upon serialization or will they behave in an
other way? I could not find a case of resource that became an object and
is
allowed on 3v4l to test this. There is no LDAP or CURL in there.Quick followup on this, I found a case that can be tested on 3v4l:
https://3v4l.org/EKFP0-> Fatal error: Uncaught Exception: Serialization of 'XMLParser' is not
allowed
in /in/EKFP0:13So it seems objects of this kind throw when serialized (I hope they all do
that).
Unless we made a mistake somewhere, yes, all "resource-like" objects are
not serializable and will throw an attempted serialization or
unserialization.
It is not clear to me how that behaves with session, will it throw as
soon as affected to $_SESSION, or at the end of the request?
Storing it in $_SESSION temporarily should work fine, it will only throw
when the session is serialized.
Regards,
Nikita