Hi,
unserialize() cannot unserialize objects whose names contain anything except
a-z, 0-9 and _, the parser allows those, though.
Example
$ cat unserialize.php
<?php
class Über { }
var_dump(unserialize(serialize(new Über())));
?>
Expected behaviour
$ php unserialize.php
object(über)(0) {
}
Actual behaviour
$ php unserialize.php
bool(false)
PHP Notice: unserialize(): Error at offset 5 of 15 bytes in
F:\Programme\cygwin\home\thekid\unserialize.php on line 4
Cause
http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?sa=1&r1
=1.40&r2=1.41&ty=u
Fix
Allow anything the parser allows, [a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*
- Timm
Fix
Allow anything the parser allows, [a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*
Do you have a patch? :)
regards,
Derick
--
Derick Rethans
http://derickrethans.nl | http://ez.no | http://xdebug.org
Derick Rethans wrote:
Fix
Allow anything the parser allows, [a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*
Do you have a patch? :)
I attached a patch for ext/standard/var_unserializer.{c,re}
- Chris
Derick Rethans wrote:
Fix
Allow anything the parser allows, [a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*
Do you have a patch? :)
Oops, and here a patch without the debug fprintf :-)
- Chris