From: s...@php.net
Operating system: Win7
PHP version: 5.3.2RC3
PHP Bug Type: Scripting Engine problem
Bug description: Unserialized objects with prototype changes results in
duplicated properties
Description:
------------
If you serialize an object in the session and then change the properties
declaration from public to protected (or any other change), the
unserialized objects will have duplicated properties, once public and once
protected, and the object will not be able to read the public value so it
means the object state is broken.
This is obviously due to the way the protected values are stored as
"\0*\0property" => "value", but I still think the default unserializer code
should check if "property" exists, and fill it no matter what the access
level is, rather than creating another property with the same name. I don't
know how easy it'd be and how it would impact performance though, but it's
quite scary that the engine even allows having two properties with
different access levels and the same name.
Reproduce code:
---------------
// Run once like this, then change public $property to protected
$property, run again and look at var_dump output
session_start();
class testClass {
public $property;
public function __construct($val) {
$this->property = $val;
}
}
if (!isset($_SESSION['obj'])) {
$_SESSION['obj'] = new testClass('value');
}
var_dump($_SESSION['obj']);
Expected result:
----------------
object(testClass)[1]
protected 'property' => string 'value' (length=5)
Actual result:
--------------
object(testClass)[1]
protected 'property' => null
public 'property' => string 'value' (length=5)
--
Edit bug report at http://bugs.php.net/?id=51173&edit=1
--
Try a snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=51173&r=trysnapshot52
Try a snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=51173&r=trysnapshot53
Try a snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=51173&r=trysnapshot60
Fixed in SVN:
http://bugs.php.net/fix.php?id=51173&r=fixed
Fixed in SVN and need be documented:
http://bugs.php.net/fix.php?id=51173&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=51173&r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=51173&r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=51173&r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=51173&r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=51173&r=support
Expected behavior:
http://bugs.php.net/fix.php?id=51173&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=51173&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=51173&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=51173&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=51173&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=51173&r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=51173&r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=51173&r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=51173&r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=51173&r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=51173&r=mysqlcfg
