ID: 35281
Updated by: [EMAIL PROTECTED]
Reported By: mike at naberezny dot com
-Status: Open
+Status: Feedback
Bug Type: Class/Object related
Operating System: Windows XP
PHP Version: 5.0.5
New Comment:
That's interesting, because I get the following:
object(Foo)#1 (0) {
}
Fatal error: Call to protected method Foo::__sleep() from context '' in
Unknown on line 0
Please check your display_errors and error_reporting settings.
Previous Comments:
------------------------------------------------------------------------
[2005-11-18 20:29:13] mike at naberezny dot com
The result is the same using the latest Win32 build from snaps.
C:\php5.1>php -n -v
PHP 5.1.0RC7-dev (cli) (built: Nov 18 2005 16:36:58)
Copyright (c) 1997-2005 The PHP Group
Zend Engine v2.1.0-dev, Copyright (c) 1998-2005 Zend Technologies
C:\php5.1>php -n -r "class Foo { protected function __sleep() {} }
$_SESSION['foo'] = new Foo(); var_dump($_SESSION['foo']);"
object(Foo)#1 (0) {
}
------------------------------------------------------------------------
[2005-11-18 19:25:06] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php5-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php5-win32-latest.zip
------------------------------------------------------------------------
[2005-11-18 19:08:13] mike at naberezny dot com
Description:
------------
The session extension does not respect the visibility of the __sleep()
method. If __sleep() is protected or private, calling serialize() will
raise a fatal error. However, the session extension will still
serialize it.
Reproduce code:
---------------
<?php
class Foo { protected function __sleep() {} }
$_SESSION['foo'] = new Foo();
var_dump($_SESSION['foo']);
?>
Expected result:
----------------
"Fatal error: Call to protected method Foo::__sleep() from context..."
at the time of assignment.
Actual result:
--------------
object(Foo)#1 (0) {
}
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=35281&edit=1
