Commit: 5824c797ac168e0e6a57c73945bd15b06b91d12c Author: Aaron Hamid <aaron.ha...@gmail.com> Sun, 17 Nov 2013 22:59:42 -0500 Parents: 140a42f779b83f5c32656741f9fd26f34edc0b1b Branches: pull-request/530
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=5824c797ac168e0e6a57c73945bd15b06b91d12c Log: added a test to cover distinction between boolean return value of unserialize function and deserializing serialized boolean Changed paths: A ext/standard/tests/serialize/serialization_error_002.phpt Diff:
diff --git a/ext/standard/tests/serialize/serialization_error_002.phpt b/ext/standard/tests/serialize/serialization_error_002.phpt
new file mode 100644
index 0000000..6525aaa
--- /dev/null
+++ b/ext/standard/tests/serialize/serialization_error_002.phpt
@@ -0,0 +1,52 @@
+--TEST--
+Test unserialize(): error is indistinguishable from deserialized boolean
+--FILE--
+<?php
+/* Prototype : proto string serialize(mixed variable)
+ * Description: Returns a string representation of variable (which can later be unserialized)
+ * Source code: ext/standard/var.c
+ * Alias to functions:
+ */
+/* Prototype : proto mixed unserialize(string variable_representation)
+ * Description: Takes a string representation of variable and recreates it
+ * Source code: ext/standard/var.c
+ * Alias to functions:
+ */
+
+echo "*** Testing unserialize() error/boolean distinction ***\n";
+
+$garbage = "obvious non-serialized data";
+$serialized_false = serialize(false);
+
+var_dump($serialized_false);
+
+$deserialized_garbage = unserialize($garbage);
+var_dump($deserialized_garbage);
+
+$deserialized_false = unserialize($serialized_false);
+var_dump($deserialized_false);
+
+echo "unserialize error and deserialized false are identical? " . (bool) ($deserialized_false == $deserialized_garbage) . "\n";
+
+// candidate safe idiom for determining whether data is serialized
+function isSerialized($str) {
+ return ($str == serialize(false) || @unserialize($str) !== false);
+}
+
+// Test unserialize error idiom
+var_dump(isSerialized($garbage));
+var_dump(isSerialized($serialized_false));
+
+echo "Done";
+?>
+--EXPECTF--
+*** Testing unserialize() error/boolean distinction ***
+string(4) "b:0;"
+
+Notice: unserialize(): Error at offset 0 of 27 bytes in %s/serialization_error_002.php on line 20
+bool(false)
+bool(false)
+unserialize error and deserialized false are identical? 1
+bool(false)
+bool(true)
+Done
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
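Review bot: The `isSerialized()` helper near the end of the `--FILE--` section is commented as a "candidate safe idiom", but it works by calling `unserialize()` on whatever string it receives, which still constructs objects and runs their magic methods; it is safe only in the sense of telling a serialized `false` apart from a parse error. Because idioms in tests tend to be copied into application code, I would reword the comment to `// distinguishes serialized false from a parse error; still calls unserialize(), so not for untrusted input`. The guard also uses loose `==`, so a non-string argument such as `true` (and, on the PHP versions current for this commit, `0`) compares equal to `"b:0;"` and is reported as serialized. `return ($str === serialize(false) || @unserialize($str) !== false);` avoids that without changing the expected output of the two calls the test makes.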