Edit report at https://bugs.php.net/bug.php?id=64349&edit=1

 ID:                 64349
 Updated by:         ras...@php.net
 Reported by:        pprem at pprem dot net
 Summary:            serialize don't work with class/object
-Status:             Feedback
+Status:             Not a bug
 Type:               Bug
 Package:            Class/Object related
 Operating System:   Ubuntu 12.10
 PHP Version:        5.4.12
 Block user comment: N
 Private report:     N

 New Comment:

Nope, not a bug. From a security perspective it is safer to not output anything 
when the input cannot be parsed. You were feeding it invalid UTF8. You should 
always specify which charset your input is in when calling 
htmlentities/htmlspecialchars.


Previous Comments:
------------------------------------------------------------------------
[2013-03-05 22:19:18] pprem at pprem dot net

Sorry Rasmus, I found the real problem and it's not unserialize or serialize.

I'm in France and my source files are by default in ISO-8859-1. New projects 
are in UTF-8, like yours by default I suppose.

I didn't see that htmlentities() uses UTF-8 by default and not ISO-8859-1.

In the past,
<?php
print(htmlentities("je suis allé dans l'allée"));
?>
encoded in ISO-8859-1 worked. Now, it doesn't display anything (perhaps a bug in 
htmlentities?). If you encode in UTF-8, it works correctly.

I changed my program like this:
<?php
print(htmlentities("je suis allé dans l'allée",ENT_COMPAT,"ISO-8859-1"));
?>
and all is good.

------------------------------------------------------------------------
[2013-03-04 15:15:00] ras...@php.net

Your test script works fine here for me with PHP 5.4.13-dev

Do you have any special extensions loaded that might be affecting this?
Try it from the command line with php -n

------------------------------------------------------------------------
[2013-03-04 14:54:48] pprem at pprem dot net

Description:
------------
serialize doesn't work on stdClass anymore: nothing is returned by 
serialize($test) when $test is an object

Test script:
---------------
<?php
        function test_($var) {
                $start = serialize ($var);
                $nb_ok = $nb_nok = 0;
                for ($i = 0; $i < 100; $i ++) {
                        $end = serialize(unserialize($start));
                        if ($star == $end) {
                                $nb_ok++;
                        } else {
                                $nb_nok++;
                        }
                }
                print("<p>".htmlentities($start)."<br />ok=".$nb_ok."<br />nok=".$nb_nok."</p>");
        }
        test_(5);
        test_("254retet");
        test_(array(54,7,687,"ihju",24,"","52s7"));
        $test = new stdClass(); $test->bidule="57geré"; $test->truc=547; $test->machin=54.47; $test->chose="dsf24sdg"; test_($test);
        $test2 = new stdClass(); $test2->first="dflgid"; $test2->second=$test; $test2->third=2; test_($test2);
?>

Expected result:
----------------
i:5;
ok=0
nok=100

s:8:"254retet";
ok=0
nok=100

a:7:
{i:0;i:54;i:1;i:7;i:2;i:687;i:3;s:4:"ihju";i:4;i:24;i:5;s:0:"";i:6;s:4:"52s7";}
ok=0
nok=100

O:8:"stdClass":4:
{s:6:"bidule";s:6:"57geré";s:4:"truc";i:547;s:6:"machin";d:54.469999999999999;s:
5:"chose";s:8:"dsf24sdg";}
ok=0
nok=100

O:8:"stdClass":3:{s:5:"first";s:6:"dflgid";s:6:"second";O:8:"stdClass":4:
{s:6:"bidule";s:6:"57geré";s:4:"truc";i:547;s:6:"machin";d:54.469999999999999;s:
5:"chose";s:8:"dsf24sdg";}s:5:"third";i:2;}
ok=0
nok=100

Actual result:
--------------
i:5;
ok=0
nok=100

s:8:"254retet";
ok=0
nok=100

a:7:
{i:0;i:54;i:1;i:7;i:2;i:687;i:3;s:4:"ihju";i:4;i:24;i:5;s:0:"";i:6;s:4:"52s7";}
ok=0
nok=100


ok=0
nok=100


ok=0
nok=100


------------------------------------------------------------------------
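
The htmlentities() behaviour discussed in this thread, as an added example that is not part of the original report or of PHP's own code. It assumes the mbstring extension is loaded; the helper name html_escape_as_utf8 is hypothetical and the sample bytes are constructed.

```php
<?php
// Constructed sample: the report's sentence with "é" as the single
// ISO-8859-1 byte 0xE9, which is not a valid UTF-8 sequence.
$latin1 = "je suis all\xE9 dans l'all\xE9e";

// Hypothetical helper (name is an assumption): escape $s for an HTML page
// served as UTF-8, given the charset the bytes are actually in.
function html_escape_as_utf8($s, $source_charset)
{
    // Fail loudly on bytes that do not match the declared charset rather
    // than relying on htmlentities() silently returning "".
    if (!mb_check_encoding($s, $source_charset)) {
        throw new InvalidArgumentException("input is not valid $source_charset");
    }
    if (strcasecmp($source_charset, 'UTF-8') !== 0) {
        $s = mb_convert_encoding($s, 'UTF-8', $source_charset);
    }
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

// Case 1: bytes interpreted as UTF-8 (the 5.4 default). The invalid
// sequence makes htmlentities() return an empty string, as in the report.
var_dump(htmlentities($latin1, ENT_COMPAT, 'UTF-8'));

// Case 2: the reporter's fix, declaring the real charset.
var_dump(htmlentities($latin1, ENT_COMPAT, 'ISO-8859-1'));

// Case 3: ENT_SUBSTITUTE (PHP >= 5.4) replaces each invalid sequence with
// U+FFFD instead of discarding the whole string.
var_dump(htmlentities($latin1, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8'));

// Case 4: validate against the real charset, convert, then escape.
var_dump(html_escape_as_utf8($latin1, 'ISO-8859-1'));

// Case 5: a wrong charset declaration is caught before any output is built.
try {
    html_escape_as_utf8($latin1, 'UTF-8');
} catch (InvalidArgumentException $e) {
    var_dump($e->getMessage());
}
```

Passing the flags and charset explicitly keeps the result independent of the PHP version's defaults.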


