This queue is for tickets about the PHP-Serialization CPAN distribution.

Report information
The Basics
Id:
97864
Status:
new
Priority:
Low/Low

People
Owner:
Nobody in particular
Requestors:
spiceman [...] cpan.org
Cc:
AdminCc:

BugTracker
Severity:
(no value)
Broken in:
0.34
Fixed in:
(no value)



Subject: Decoding dies on serialized protected attributes
It seems PHP prepends three fake nul chars to protected attributes of serialized objects. "Fake" because the key identifier string is "\\0\\0\\0key", not "\0\0\0key". test and horrible patch attached.
Subject: 12protectedattr.t
#!/usr/bin/perl use Test::More tests => 1; use PHP::Serialization qw(unserialize serialize); my $encoded = q|O:7:"Foo\\Bar":1:{s:8:"\0\0\0value";i:1;}|; my $data = unserialize($encoded); is( $data->{"\0\0\0value"}, 1 );
Subject: Serialization.pm.protattr.diff
diff --git a/PHP/Serialization.pm b/PHP/Serialization.pm index 9dc3120..66bd089 100644 --- a/PHP/Serialization.pm +++ b/PHP/Serialization.pm @@ -104,6 +104,9 @@ sub decode { my ($self, $string, $class, $shash) = @_; $sorthash=$shash if defined($shash); + # for protected attributes + $string =~ s/\\0/\0/g; + my $cursor = 0; $self->{string} = \$string; $self->{cursor} = \$cursor; @@ -427,7 +430,9 @@ sub _encode { $buffer .= sprintf('d:%s;', $val); } elsif ( $type eq 'string' ) { - $buffer .= sprintf('s:%d:"%s";', length($val), $val); + my $length = length $val; + $val =~ s/\0/\\0/g; # protected attributes + $buffer .= qq{s:$length:"$val";}; } elsif ( $type eq 'array' ) { if ( ref($val) eq 'ARRAY' ) {


This service runs on Request Tracker, is sponsored by The Perl Foundation, and maintained by Best Practical Solutions.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.