
This queue is for tickets about the PHP-Serialization CPAN distribution.

Report information
The Basics
Id: 97864
Status: new
Priority: 0/
Queue: PHP-Serialization

People
Owner: Nobody in particular
Requestors: spiceman [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 0.34
Fixed in: (no value)



Subject: Decoding dies on serialized protected attributes
It seems PHP prepends three fake nul chars to protected attributes of serialized objects. "Fake" because the key identifier string is "\\0\\0\\0key", not "\0\0\0key". Test and horrible patch attached.
Subject: 12protectedattr.t
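#!/usr/bin/perl

use Test::More tests => 1;
use PHP::Serialization qw(unserialize serialize);

# Serialized object with one protected attribute; under q|| the key
# holds literal backslash-zero pairs, not real NUL bytes.
my $encoded = q|O:7:"Foo\\Bar":1:{s:8:"\0\0\0value";i:1;}|;
my $data = unserialize($encoded);

# The decoded key is expected to start with three real NUL bytes.
is( $data->{"\0\0\0value"}, 1 );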
Subject: Serialization.pm.protattr.diff
diff --git a/PHP/Serialization.pm b/PHP/Serialization.pm index 9dc3120..66bd089 100644 --- a/PHP/Serialization.pm +++ b/PHP/Serialization.pm @@ -104,6 +104,9 @@ sub decode { my ($self, $string, $class, $shash) = @_; $sorthash=$shash if defined($shash); + # for protected attributes + $string =~ s/\\0/\0/g; + my $cursor = 0; $self->{string} = \$string; $self->{cursor} = \$cursor; @@ -427,7 +430,9 @@ sub _encode { $buffer .= sprintf('d:%s;', $val); } elsif ( $type eq 'string' ) { - $buffer .= sprintf('s:%d:"%s";', length($val), $val); + my $length = length $val; + $val =~ s/\0/\\0/g; # protected attributes + $buffer .= qq{s:$length:"$val";}; } elsif ( $type eq 'array' ) { if ( ref($val) eq 'ARRAY' ) {
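Review bot: the substitution `$string =~ s/\\0/\0/g;` at the top of `decode` runs over the whole input before any parsing, so it is not limited to protected attribute keys. Every backslash-zero pair anywhere in the payload, including ordinary string values and class names, is collapsed to a single NUL byte, which alters the data and shortens the field so that its declared `s:N:` length no longer matches. If the input is untrusted, a blanket pre-parse rewrite also means this parser reads a different document than other consumers of the same bytes. Suggest doing the conversion only where an object property key is read, after the length-delimited string has been extracted, and adding a test with a plain string value that contains a literal `\0` to pin the behaviour.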
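Review bot: in the `string` branch of `_encode`, `$length` is taken before `$val =~ s/\0/\\0/g;`, so for any value containing a NUL byte the emitted body is one byte longer per NUL than the `s:$length:` prefix declares. The branch handles every string, not just protected attribute keys, so binary values are affected too, and a reader that trusts the length prefix without undoing the escape will stop short of the closing quote. The two substitutions are also not a clean round trip: a value holding a literal backslash followed by 0 passes through here unchanged and comes back from `decode` as a NUL. Suggest either emitting the NUL bytes unescaped with the original length, or restricting the escape to property keys and documenting which length convention is intended.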

