Hello,
I have came across some strange behavior today, after some time I got
it to the simplest form to reproduce. I have not yet attempted to
patch/investigate the code within php source, I want to first confirm
this is indeed a problem and I haven't just had a long day, as well as
verify it is not a known issue. I have searched the bug tracker; found
nothing similar.
Below is reproducible code, tested on php 5.3.0 release build, as well
as the latest snapshot and a random version installed in a yum
repository (5.1.6).
Regards,
-Chris
--
class testSerialize
{
protected $_foo = Array();
}
$base = new testSerialize;
$str1 = 'O:13:"testSerialize":1:{s:7:"*_foo";a:0:{}}';
$str2 = serialize($base);
var_dump($str1);
var_dump($str2);
var_dump($str1 == $str2);
var_dump(escapeshellarg($str1));
var_dump(escapeshellarg($str2));
Apologies for the double post, but the output might help... long day.
Notice the strlen is different, as well as the truncation on
escapeshellarg.
--
string(43) "O:13:"testSerialize":1:{s:7:"_foo";a:0:{}}"
string(45) "O:13:"testSerialize":1:{s:7:"_foo";a:0:{}}"
bool(false)
string(45) "'O:13:"testSerialize":1:{s:7:"*_foo";a:0:{}}'"
string(31) "'O:13:"testSerialize":1:{s:7:"'"
Protected properties are serialized as:
0x00 + * + 0x00 + property name
The null characters don't show up in your console, but pipe the output
through for example 'hexdump -C' and you should see them..
Evert
Apologies for the double post, but the output might help... long day.
Notice the strlen is different, as well as the truncation on
escapeshellarg.--
string(43) "O:13:"testSerialize":1:{s:7:"_foo";a:0:{}}"
string(45) "O:13:"testSerialize":1:{s:7:"_foo";a:0:{}}"
bool(false)
string(45) "'O:13:"testSerialize":1:{s:7:"*_foo";a:0:{}}'"
string(31) "'O:13:"testSerialize":1:{s:7:"'"