This queue is for tickets about the PHP-Serialization CPAN distribution.

Report information
The Basics
Id: 97864
Status: new
Priority: 0/
Queue: PHP-Serialization

People
Owner: Nobody in particular
Requestors: spiceman [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 0.34
Fixed in: (no value)



Subject: Decoding dies on serialized protected attributes
It seems PHP prepends three fake nul chars to protected attributes of serialized objects. "Fake" because the key identifier string is "\\0\\0\\0key", not "\0\0\0key". Test and horrible patch attached.
Subject: 12protectedattr.t
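#!/usr/bin/perl
use Test::More tests => 1;
use PHP::Serialization qw(unserialize serialize);

# q|...| is single-quoted: \\ yields one backslash, and each \0 stays a
# literal backslash followed by the digit 0 (not a NUL byte).
my $encoded = q|O:7:"Foo\\Bar":1:{s:8:"\0\0\0value";i:1;}|;
my $data = unserialize($encoded);

# The hash key here is double-quoted, so it holds three real NUL bytes.
is( $data->{"\0\0\0value"}, 1 );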
Subject: Serialization.pm.protattr.diff
diff --git a/PHP/Serialization.pm b/PHP/Serialization.pm index 9dc3120..66bd089 100644 --- a/PHP/Serialization.pm +++ b/PHP/Serialization.pm @@ -104,6 +104,9 @@ sub decode { my ($self, $string, $class, $shash) = @_; $sorthash=$shash if defined($shash); + # for protected attributes + $string =~ s/\\0/\0/g; + my $cursor = 0; $self->{string} = \$string; $self->{cursor} = \$cursor; @@ -427,7 +430,9 @@ sub _encode { $buffer .= sprintf('d:%s;', $val); } elsif ( $type eq 'string' ) { - $buffer .= sprintf('s:%d:"%s";', length($val), $val); + my $length = length $val; + $val =~ s/\0/\\0/g; # protected attributes + $buffer .= qq{s:$length:"$val";}; } elsif ( $type eq 'array' ) { if ( ref($val) eq 'ARRAY' ) {
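Review bot: In the decode() hunk, `$string =~ s/\\0/\0/g;` runs over the whole serialized input before any parsing, so it also rewrites a backslash followed by 0 inside ordinary string values, not only inside protected attribute names. Every such rewrite shortens the payload by one byte while the declared `s:N` length is left as it was, so a value that legitimately contains that two-character sequence no longer matches its length prefix and the rest of the input is read out of step. Suggest leaving the input untouched at this point and converting the escape only on the object property name where the key string is decoded, with a test that decodes a plain string value containing a literal backslash-0.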
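Review bot: In the `string` branch of the _encode() hunk, `length $val` is taken before `s/\0/\\0/g`, so for any value containing a NUL the emitted `s:N` is smaller than the number of characters written between the quotes. That output only round-trips through the matching substitution in decode(), and the rewrite applies to every string, so binary values with NUL bytes are altered on encode as well, not just protected attribute names. Suggest restricting the rewrite to object property names (or dropping it and writing the raw bytes), and adding a serialize-then-unserialize round-trip test next to 12protectedattr.t.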