ID: 50842 User updated by: lars dot schultz at toolpark dot com Reported By: lars dot schultz at toolpark dot com Status: Bogus Bug Type: Class/Object related Operating System: Linux PHP Version: 5.2.12 New Comment:
@derick: thanks for your effort. Just checked the changelog and found your bugfix;) sorry,...somehow escaped my search for an existing bug. sorry. http://bugs.php.net/bug.php?id=42272 Previous Comments: ------------------------------------------------------------------------ [2010-01-26 11:14:16] [email protected] This works fine (5.1.7-dev, 5.2.13-dev and 5.3.2-dev): der...@kossu:/tmp$ pe 5.1dev der...@kossu:/tmp$ php test2.php <pre> Original serialize: string(51) "O:6:"Person":1:{s:7:"*name";s:12:"Lars Schultz";}" Exported serialize: string(53) "'O:6:"Person":1:{s:7:"*name";s:12:"Lars Schultz";}'" Evaluated Exported serialize: string(51) "O:6:"Person":1:{s:7:"*name";s:12:"Lars Schultz";}" Unserialized Exported serialize: object(Person)#2 (1) { ["name:protected"]=> string(12) "Lars Schultz" } der...@kossu:/tmp$ pe 5.2dev der...@kossu:/tmp$ php test2.php <pre> Original serialize: string(51) "O:6:"Person":1:{s:7:"*name";s:12:"Lars Schultz";}" Exported serialize: string(75) "'O:6:"Person":1:{s:7:"' . "\0" . '*' . "\0" . 'name";s:12:"Lars Schultz";}'" Evaluated Exported serialize: string(51) "O:6:"Person":1:{s:7:"*name";s:12:"Lars Schultz";}" Unserialized Exported serialize: object(Person)#2 (1) { ["name:protected"]=> string(12) "Lars Schultz" } der...@kossu:/tmp$ pe 5.3dev der...@kossu:/tmp$ php test2.php <pre> Original serialize: string(51) "O:6:"Person":1:{s:7:"*name";s:12:"Lars Schultz";}" Exported serialize: string(75) "'O:6:"Person":1:{s:7:"' . "\0" . '*' . "\0" . 'name";s:12:"Lars Schultz";}'" Evaluated Exported serialize: string(51) "O:6:"Person":1:{s:7:"*name";s:12:"Lars Schultz";}" Unserialized Exported serialize: object(Person)#2 (1) { ["name":protected]=> string(12) "Lars Schultz" } ------------------------------------------------------------------------ [2010-01-26 11:01:10] lars dot schultz at toolpark dot com thanks for checking it out. I do not have the possibility to install a different version...but if you say it works, then we'll try again when we update to that version...it's not a critical to us at the moment, but it might become so in the future (our current solution is not to have protected members). as for the 2nd one being bogus, i disagree;) i shortened it down to this (no serialize). var_export(), which should produce parseable (evaluatable) PHP-Code (as you said), creates a php-code-string, which i extend to a return statement, which I want to eval(). This is, though strange, correct. Reproduce Code: var_dump(eval('return '.var_export(chr(0),true).';')); Expected Result: string(1) "[000]" Actual Result: string(4) "\000" It seems to me that var_export() is the culprit because it returns '\000' instead of "\000" (note the double-quotes) this only happens with chr(0) but works with chr(1). Could it be related to \000 being a string-termination character, which is why it is escaped by var_export but it fails to provide the correct double-quotes? Because the character \001 is not escaped by var_export... <? //creates correct code var_dump(var_export(chr(1),true)); //creates incorrect code var_dump(var_export(chr(0),true)); //evaluates correctly var_dump(eval('return '.var_export(chr(1),true).';')); //does not evaluate the chr(0) correctly because it's not wrapped by double-quotes var_dump(eval('return '.var_export(chr(0),true).';')); //is actually the same as the previous line var_dump(eval('return \'\000\';')); //as it should be created by var_export var_dump(eval('return "\000";')); ?> ------------------------------------------------------------------------ [2010-01-26 10:34:40] [email protected] That 2nd is bogus, you forget that var_export() returns PHP code. You're doing eval() on wrong stuff. Don't eval(). Refactor your code. ------------------------------------------------------------------------ [2010-01-26 10:28:46] [email protected] Please try using this snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows: http://windows.php.net/snapshots/ Your first case works fine using latest SVN. The other one..I don't think is a bug anyway. ------------------------------------------------------------------------ [2010-01-26 08:53:51] lars dot schultz at toolpark dot com This is essentially the same problem, although not my use case. var_dump(unserialize(eval('return '.var_export(serialize(chr(0)),true).';'))); Expected Result: string(1) "[000]" Actual Result: bool(false) ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/50842 -- Edit this bug report at http://bugs.php.net/?id=50842&edit=1
