#35281 [NEW]: Session extension does not respect visibility of __sleep()
From: mike at naberezny dot com
Operating system: Windows XP
PHP version: 5.0.5
PHP Bug Type: Class/Object related
Bug description: Session extension does not respect visibility of __sleep()
Description:
The session extension does not respect the visibility of the __sleep()
method. If __sleep() is protected or private, calling serialize() will
raise a fatal error. However, the session extension will still serialize
it.
Reproduce code:
---
Expected result:
"Fatal error: Call to protected method Foo::__sleep() from context..." at
the time of assignment.
Actual result:
--
object(Foo)#1 (0) {
}
--
Edit bug report at http://bugs.php.net/?id=35281&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=35281&r=trysnapshot4
Try a CVS snapshot (php5.0):
http://bugs.php.net/fix.php?id=35281&r=trysnapshot50
Try a CVS snapshot (php5.1):
http://bugs.php.net/fix.php?id=35281&r=trysnapshot51
Fixed in CVS:http://bugs.php.net/fix.php?id=35281&r=fixedcvs
Fixed in release:http://bugs.php.net/fix.php?id=35281&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=35281&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=35281&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=35281&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=35281&r=support
Expected behavior: http://bugs.php.net/fix.php?id=35281&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=35281&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=35281&r=submittedtwice
register_globals:http://bugs.php.net/fix.php?id=35281&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=35281&r=php3
Daylight Savings:http://bugs.php.net/fix.php?id=35281&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=35281&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=35281&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=35281&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=35281&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=35281&r=mysqlcfg
#35281 [Fbk->Opn]: Session extension does not respect visibility of __sleep()
ID: 35281
User updated by: mike at naberezny dot com
Reported By: mike at naberezny dot com
-Status: Feedback
+Status: Open
Bug Type: Class/Object related
Operating System: Windows XP
PHP Version: 5.0.5
New Comment:
The result is the same using the latest Win32 build from snaps.
C:\php5.1>php -n -v
PHP 5.1.0RC7-dev (cli) (built: Nov 18 2005 16:36:58)
Copyright (c) 1997-2005 The PHP Group
Zend Engine v2.1.0-dev, Copyright (c) 1998-2005 Zend Technologies
C:\php5.1>php -n -r "class Foo { protected function __sleep() {} }
$_SESSION['foo'] = new Foo(); var_dump($_SESSION['foo']);"
object(Foo)#1 (0) {
}
Previous Comments:
[2005-11-18 19:25:06] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php5-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php5-win32-latest.zip
----
[2005-11-18 19:08:13] mike at naberezny dot com
Description:
The session extension does not respect the visibility of the __sleep()
method. If __sleep() is protected or private, calling serialize() will
raise a fatal error. However, the session extension will still
serialize it.
Reproduce code:
---
Expected result:
"Fatal error: Call to protected method Foo::__sleep() from context..."
at the time of assignment.
Actual result:
--
object(Foo)#1 (0) {
}
--
Edit this bug report at http://bugs.php.net/?id=35281&edit=1
