From:             lars dot schultz at toolpark dot com
Operating system: Linux
PHP version:      5.2.12
PHP Bug Type:     Class/Object related
Bug description:  var_export/eval/unserialize of protected Object Member vars

Description:
------------
When var_export() is used on a serialized-object-string, where the object has a protected member, and the result is then passed through eval() or include() and unserialized again, it fails to do so.

The trouble seems to be that var_export() creates a string which escapes the chr(0) as \000 whereas eval() does not unescape this, when it should.

Protected Member: http://dev01.toolpark.com/test/unserialize.protected.php
Public Member: http://dev01.toolpark.com/test/unserialize.public.php

Reproduce code:
---------------
<?php
class Person {
    protected $name;

    public function __construct($name){
        $this->name = $name;
    }
}

$person = new Person('Lars Schultz');

// serialize -> var_export -> eval -> unserialize round trip
$serializedPerson = serialize($person);
$exportedSerializePerson = var_export($serializedPerson,true);
$evaluatedPerson = eval('return '.$exportedSerializePerson.';');
$unserialized = unserialize($evaluatedPerson);
?>
<pre>
Original serialize: <?php var_dump($serializedPerson); ?>
Exported serialize: <?php var_dump($exportedSerializePerson); ?>
Evaluated Exported serialize: <?php var_dump($evaluatedPerson); ?>
Unserialized Exported serialize: <?php var_dump($unserialized); ?>

<?php print_r(error_get_last()); ?>

Expected result:
----------------
Original serialize: string(51) "O:6:"Person":1:{s:7:"�*�name";s:12:"Lars Schultz";}"
Exported serialize: string(59) "'O:6:"Person":1:{s:7:"\000*\000name";s:12:"Lars Schultz";}'"
Evaluated Exported serialize: string(57) "O:6:"Person":1:{s:7:"\000*\000name";s:12:"Lars Schultz";}"
Unserialized Exported serialize: object(Person)#2 (1) {
  ["name"]=>
  string(12) "Lars Schultz"
}

Actual result:
--------------
Original serialize: string(51) "O:6:"Person":1:{s:7:"�*�name";s:12:"Lars Schultz";}"
Exported serialize: string(59) "'O:6:"Person":1:{s:7:"\000*\000name";s:12:"Lars Schultz";}'"
Evaluated Exported serialize: string(57) "O:6:"Person":1:{s:7:"\000*\000name";s:12:"Lars Schultz";}"
Unserialized Exported serialize: bool(false)

Array
(
    [type] => 8
    [message] => unserialize() [function.unserialize]: Error at offset 28 of 57 bytes
    [file] => /srv/www/htdocs/test/unserialize.protected.php
    [line] => 19
)

-- 
Edit bug report at http://bugs.php.net/?id=50842&edit=1
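
Why the report's unserialize() call stops at offset 28, shown as an added example that is not part of the original report. The NUL-to-\000 substitution is simulated with str_replace() so the script does not depend on how the installed var_export() escapes NUL bytes, and the base64 wrapper at the end is one assumed binary-safe way to carry the string through var_export()/eval().

```php
<?php
// Added example; the class and value mirror the report's reproduce code.
class Person {
    protected $name;
    public function __construct($name) { $this->name = $name; }
}

$serialized = serialize(new Person('Lars Schultz'));

// A protected member is stored under the key "\0*\0name": 7 bytes, two of
// them NUL. Simulate the round trip from the report by replacing each NUL
// byte with the four literal characters \000. A single-quoted PHP literal
// only unescapes \\ and \', so this is what eval() hands back.
$broken = str_replace("\0", '\000', $serialized);

printf("original: %d bytes, after round trip: %d bytes\n",
    strlen($serialized), strlen($broken));

// unserialize() trusts the declared length (s:7) and expects the closing
// double quote immediately after 7 bytes of key data. The key now occupies
// 13 bytes, so the byte found at that position is part of the key instead.
$keyStart = strpos($broken, 's:7:"') + 5;   // first byte of the member name
$quotePos = $keyStart + 7;                  // where the parser expects '"'
printf("key starts at offset %d; offset %d holds '%s' where '\"' is required\n",
    $keyStart, $quotePos, $broken[$quotePos]);

// The length mismatch makes the whole payload unparseable.
var_dump(@unserialize($broken));

// Binary-safe alternative (assumption, not from the report): base64 output
// contains no NUL, quote or backslash characters, so var_export() has
// nothing to escape and the literal survives eval() byte for byte.
$literal  = var_export(base64_encode($serialized), true);
$restored = unserialize(base64_decode(eval('return ' . $literal . ';')));

var_dump($restored instanceof Person);
var_dump(serialize($restored) === $serialized);
```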