ID:               50842
Updated by:       j...@php.net
Reported By:      lars dot schultz at toolpark dot com
Status:           Feedback
Bug Type:         Class/Object related
Operating System: Linux
PHP Version:      5.2.12
New Comment:

That 2nd is bogus, you forget that var_export() returns PHP code. You're doing eval() on wrong stuff. Don't eval(). Refactor your code.

Previous Comments:
------------------------------------------------------------------------

[2010-01-26 10:28:46] j...@php.net

Please try using this snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz

For Windows:

  http://windows.php.net/snapshots/

Your first case works fine using latest SVN. The other one..I don't think is a bug anyway.

------------------------------------------------------------------------

[2010-01-26 08:53:51] lars dot schultz at toolpark dot com

This is essentially the same problem, although not my use case.

var_dump(unserialize(eval('return '.var_export(serialize(chr(0)),true).';')));

Expected Result:
string(1) "[000]"

Actual Result:
bool(false)

------------------------------------------------------------------------

[2010-01-26 08:15:34] lars dot schultz at toolpark dot com

Description:
------------
When var_export() is used on a serialized-object-string, where the object has a protected member, and then use eval() or include() and then unserialize it again, it fails to do so.

The trouble seems to be that var_export() creates a string which escapes the chr(0) as \000 whereas eval() does not unescape this, when it should.

Protected Member:
http://dev01.toolpark.com/test/unserialize.protected.php

Public Member:
http://dev01.toolpark.com/test/unserialize.public.php

Reproduce code:
---------------
<?
    class Person {
        protected $name;

        public function __construct($name){
            $this->name = $name;
        }
    }

    $person = new Person('Lars Schultz');
    $serializedPerson = serialize($person);
    $exportedSerializePerson = var_export($serializedPerson,true);
    $evaluatedPerson = eval('return '.$exportedSerializePerson.';');
    $unserialized = unserialize($evaluatedPerson);
?>
<pre>
Original serialize:
<? var_dump($serializedPerson); ?>

Exported serialize:
<? var_dump($exportedSerializePerson); ?>

Evaluated Exported serialize:
<? var_dump($evaluatedPerson); ?>

Unserialized Exported serialize:
<? var_dump($unserialized); ?>

<? print_r(error_get_last()) ?>

Expected result:
----------------
Original serialize:
string(51) "O:6:"Person":1:{s:7:"�*�name";s:12:"Lars Schultz";}"

Exported serialize:
string(59) "'O:6:"Person":1:{s:7:"\000*\000name";s:12:"Lars Schultz";}'"

Evaluated Exported serialize:
string(57) "O:6:"Person":1:{s:7:"\000*\000name";s:12:"Lars Schultz";}"

Unserialized Exported serialize:
object(Person)#2 (1) {
  ["name"]=>
  string(12) "Lars Schultz"
}

Actual result:
--------------
Original serialize:
string(51) "O:6:"Person":1:{s:7:"�*�name";s:12:"Lars Schultz";}"

Exported serialize:
string(59) "'O:6:"Person":1:{s:7:"\000*\000name";s:12:"Lars Schultz";}'"

Evaluated Exported serialize:
string(57) "O:6:"Person":1:{s:7:"\000*\000name";s:12:"Lars Schultz";}"

Unserialized Exported serialize:
bool(false)

Array
(
    [type] => 8
    [message] => unserialize() [function.unserialize]: Error at offset 28 of 57 bytes
    [file] => /srv/www/htdocs/test/unserialize.protected.php
    [line] => 19
)

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=50842&edit=1
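
The byte-level reason for the "Error at offset 28 of 57 bytes" in the report above, as an added Python model that is not part of the bug thread and is not PHP's own code. The function names are hypothetical, the export model covers only the NUL handling visible in the report's output, and the walker handles only `O:` and `s:` tokens.

```python
import re

# Constructed sample: the 51-byte serialize() output shown in the report.
# The NUL bytes around "*" mark the property as protected.
ORIGINAL = b'O:6:"Person":1:{s:7:"\x00*\x00name";s:12:"Lars Schultz";}'


def export_like_report(raw: bytes) -> bytes:
    # Assumed model of the exported literal in the report: every NUL byte
    # becomes the four characters \000 inside a single-quoted string.
    return b"'" + raw.replace(b"\x00", b"\\000") + b"'"


def eval_single_quoted(literal: bytes) -> bytes:
    # A single-quoted PHP literal only unescapes \\ and \', so \000
    # survives as four literal bytes instead of one NUL.
    return re.sub(rb"\\([\\'])", rb"\1", literal[1:-1])


def first_length_mismatch(data: bytes):
    # Walk the O:<len>:"..." and s:<len>:"..." tokens and return the offset
    # where the closing quote is missing after <len> bytes, or None.
    pos = 0
    while pos < len(data):
        if data[pos:pos + 2] in (b"s:", b"O:"):
            colon = data.index(b":", pos + 2)
            end = colon + 2 + int(data[pos + 2:colon])  # skip :" then <len> bytes
            if data[end:end + 1] != b'"':
                return end
            pos = end + 1
        else:
            pos += 1
    return None


if __name__ == "__main__":
    evaluated = eval_single_quoted(export_like_report(ORIGINAL))
    print(len(ORIGINAL), first_length_mismatch(ORIGINAL))
    print(len(evaluated), first_length_mismatch(evaluated))
```

The declared `s:7` no longer matches the 13 bytes that follow it once each NUL has become four characters, so a length-prefixed reader stops at offset 28, which is the offset in the reported error.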