Edit report at https://bugs.php.net/bug.php?id=64206&edit=1

 ID:                 64206
 User updated by:    cameron dot junge at sella dot co dot nz
 Reported by:        cameron dot junge at sella dot co dot nz
 Summary:            Serialized object becomes r:2, which breaks
                     unserialization
 Status:             Verified
 Type:               Bug
 Package:            Scripting Engine problem
 Operating System:   Ubuntu 12.10
 PHP Version:        5.4.11
 Assigned To:        mike
 Block user comment: N
 Private report:     N

 New Comment:

If unserialize is blocked inside serialize, then either the inherited class(es) 
need to know all the required properties from the parent class(es), which might 
cause a bit of a maintenance headache (one field changed in a base class means 
all inherited classes need to be updated).

A "solution" would be to use get_object_vars() in the base class and filter the 
properties returned, but that seems to me like a bit of a kludge. Would mean 
only serializing once, without the unserialize.

The use-case I've got is to prevent serializing a PDO connection inside classes 
that need to be persisted to memcache.
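
The get_object_vars() filter mentioned in the comment above, as an added example (not code from the bug report or from PHP itself). The class names, property names and the transientProperties() helper are hypothetical, and a stdClass stands in for the PDO handle so the snippet runs without a database.

```php
<?php
// Added illustration; every class, method and property name is hypothetical.
abstract class Persistable implements Serializable
{
    /** Live connection handle; must never end up in the cache. */
    protected $db;

    /** Names of properties that are skipped when serializing. */
    protected function transientProperties()
    {
        return array('db');
    }

    public function serialize()
    {
        // get_object_vars() runs in the base-class scope here: it returns the
        // public and protected properties of subclasses, not their private ones.
        $state = array_diff_key(
            get_object_vars($this),
            array_flip($this->transientProperties())
        );
        // A single serialize() call, with no unserialize() inside the callback.
        return serialize($state);
    }

    public function unserialize($data)
    {
        foreach (unserialize($data) as $name => $value) {
            $this->$name = $value;
        }
    }
}

class Listing extends Persistable
{
    protected $title;

    public function __construct($title, $db = null)
    {
        $this->title = $title;
        $this->db = $db;
    }
    public function getTitle() { return $this->title; }
    public function hasDb() { return $this->db !== null; }
}

$listing = new Listing('Bike', new stdClass()); // stdClass stands in for PDO
$blob = serialize($listing);
$copy = unserialize($blob);
var_dump(strpos($blob, 'db') === false, $copy->getTitle(), $copy->hasDb());
```

Subclasses add public or protected fields without touching the base class. On PHP 8.1 and later the Serializable interface is deprecated in favour of __serialize()/__unserialize(), so this form raises a deprecation notice there.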


Previous Comments:
------------------------------------------------------------------------
[2013-02-20 15:03:59] [email protected]

Oh, then I misunderstood your "deny" word, hehe

------------------------------------------------------------------------
[2013-02-20 14:56:08] [email protected]

What dynamic check? 

I guess a differentiated BG(serialize_lock)/BG(unserialize_lock) should do it.

------------------------------------------------------------------------
[2013-02-20 14:47:32] [email protected]

I think denying unserialize in serialize is not a choice. It needs a dynamic
check and makes no sense.

Resetting one needs to be tested with...

------------------------------------------------------------------------
[2013-02-20 10:42:39] [email protected]

As the var_hash is kept between recursive serialize() calls, the serializer 
thinks the object is already serialized, but in fact, your hacky code replaces 
the previously serialized object.

I see two options:

- deny unserialize() in serialize()
- reset the serialize var_hash on unserialize() (which may break other things)

------------------------------------------------------------------------
[2013-02-20 09:07:19] [email protected]

After a quick look, I think the problem is rather the unserialize() call in the 
serialize() callback and vice-versa.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=64206

