potentially __sleep() bug

30/01/2008, 02h52

all,

i was playing around w/ some object serialization tonight during
further exploration of spl and i stumbled on what appears to be a
bug in the behavior of the __sleep() magic method.

here is the pertinent documentation on the method
..is supposed to return an array with the names of all variables
of that object that should be serialized.

so, the idea is, *only* the instance variables identified in the array
returned are marked for serialization.
however, it appears all instance variables are being serialized no matter what.
see the reproducible code below. ive run this on 2 separate php5
boxes, one w/ 5.2.5, another w/ a 5.2.something..

<?php
class A {
public $a1 = 'a1';
public $a2 = 'a2';
public $a3 = 'a3';

public function __sleep() {
echo __FUNCTION__ . PHP_EOL;
return array('a1', 'a2');
}
}

var_dump(unserialize(serialize(new A())));
?>

this is what i get despite having marked only member variables 'a',
and 'b' for serialization.

__sleep
object(A)#1 (3) {
["a1"]=>
string(2) "a1"
["a2"]=>
string(2) "a2"
["a3"]=>
string(2) "a3"
}

consensus ?

-nathan

30/01/2008, 03h24

On Jan 29, 8:52 pm, quickshif...@gmail.com ("Nathan Nobbe") wrote:
> all,
>
> i was playing around w/ some object serialization tonight during
> further exploration of spl and i stumbled on what appears to be a
> bug in the behavior of the __sleep() magic method.
>
> here is the pertinent documentation on the method
> ..is supposed to return an array with the names of all variables
> of that object that should be serialized.
>
> so, the idea is, *only* the instance variables identified in the array
> returned are marked for serialization.
> however, it appears all instance variables are being serialized no matter what.
> see the reproducible code below. ive run this on 2 separate php5
> boxes, one w/ 5.2.5, another w/ a 5.2.something..
>
> <?php
> class A {
> public $a1 = 'a1';
> public $a2 = 'a2';
> public $a3 = 'a3';
>
> public function __sleep() {
> echo __FUNCTION__ . PHP_EOL;
> return array('a1', 'a2');
> }
>
> }
>
> var_dump(unserialize(serialize(new A())));
> ?>
>
> this is what i get despite having marked only member variables 'a',
> and 'b' for serialization.
>
> __sleep
> object(A)#1 (3) {
> ["a1"]=>
> string(2) "a1"
> ["a2"]=>
> string(2) "a2"
> ["a3"]=>
> string(2) "a3"
>
> }
>
> consensus ?
>
> -nathan

When you unserialize it $a3 gets the default value you specified in
the class declaration. Try this:

$a = new A();
$a->a3 = 'foo';
var_dump($a);
var_dump(unserialize(serialize($a)));

See the difference?

30/01/2008, 14h06

Nathan Nobbe wrote:
> all,
>
> i was playing around w/ some object serialization tonight during
> further exploration of spl and i stumbled on what appears to be a
> bug in the behavior of the __sleep() magic method.
>
> here is the pertinent documentation on the method
> ..is supposed to return an array with the names of all variables
> of that object that should be serialized.
>
> so, the idea is, *only* the instance variables identified in the array
> returned are marked for serialization.
> however, it appears all instance variables are being serialized no matter what.
> see the reproducible code below. ive run this on 2 separate php5
> boxes, one w/ 5.2.5, another w/ a 5.2.something..
>
> <?php
> class A {
> public $a1 = 'a1';
> public $a2 = 'a2';
> public $a3 = 'a3';
>
> public function __sleep() {
> echo __FUNCTION__ . PHP_EOL;
> return array('a1', 'a2');
> }
> }
>
> var_dump(unserialize(serialize(new A())));
> ?>
>
> this is what i get despite having marked only member variables 'a',
> and 'b' for serialization.
>
> __sleep
> object(A)#1 (3) {
> ["a1"]=>
> string(2) "a1"
> ["a2"]=>
> string(2) "a2"
> ["a3"]=>
> string(2) "a3"
> }
>
> consensus ?
>

To check if __sleep is proper, you should be doing
var_dump(serialize(new A()));

unserialize'ing effectively also does a __wakeup()

This should give a clearer picture

<?php
class A {
public $a1 = 'a1';
public $a2 = 'a2';
public $a3 = null;

public function __construct(){
$this->a3 = 'a3';
}

public function __sleep() {
echo __FUNCTION__ . PHP_EOL;
return array('a1', 'a2');
}
}

var_dump(unserialize(serialize(new A())));
?>

__sleep
object(A)#1 (3) {
["a1"]=>
string(2) "a1"
["a2"]=>
string(2) "a2"
["a3"]=>
NULL
}

============= and ======================

<?php
class A {
public $a1 = 'a1';
public $a2 = 'a2';
public $a3 = null;

public function __construct(){
$this->a3 = 'a3';
}

public function __sleep() {
echo __FUNCTION__ . PHP_EOL;
return array('a1', 'a2', 'a3');
}
}

var_dump(unserialize(serialize(new A())));
?>

__sleep
object(A)#1 (3) {
["a1"]=>
string(2) "a1"
["a2"]=>
string(2) "a2"
["a3"]=>
string(2) "a3"
}

--
Regards,
Anup Shukla

30/01/2008, 03h24	#2
ZeldorBlat Messages: n/a Hébergeur:	Re: potentially __sleep() bug On Jan 29, 8:52 pm, quickshif...@gmail.com ("Nathan Nobbe") wrote: > all, > > i was playing around w/ some object serialization tonight during > further exploration of spl and i stumbled on what appears to be a > bug in the behavior of the __sleep() magic method. > > here is the pertinent documentation on the method > ..is supposed to return an array with the names of all variables > of that object that should be serialized. > > so, the idea is, only the instance variables identified in the array > returned are marked for serialization. > however, it appears all instance variables are being serialized no matter what. > see the reproducible code below. ive run this on 2 separate php5 > boxes, one w/ 5.2.5, another w/ a 5.2.something.. > > <?php > class A { > public $a1 = 'a1'; > public $a2 = 'a2'; > public $a3 = 'a3'; > > public function __sleep() { > echo __FUNCTION__ . PHP_EOL; > return array('a1', 'a2'); > } > > } > > var_dump(unserialize(serialize(new A()))); > ?> > > this is what i get despite having marked only member variables 'a', > and 'b' for serialization. > > __sleep > object(A)#1 (3) { > ["a1"]=> > string(2) "a1" > ["a2"]=> > string(2) "a2" > ["a3"]=> > string(2) "a3" > > } > > consensus ? > > -nathan When you unserialize it $a3 gets the default value you specified in the class declaration. Try this: $a = new A(); $a->a3 = 'foo'; var_dump($a); var_dump(unserialize(serialize($a))); See the difference?

30/01/2008, 14h06	#3
Anup Shukla Messages: n/a Hébergeur:	Re: [PHP] potentially __sleep() bug Nathan Nobbe wrote: > all, > > i was playing around w/ some object serialization tonight during > further exploration of spl and i stumbled on what appears to be a > bug in the behavior of the __sleep() magic method. > > here is the pertinent documentation on the method > ..is supposed to return an array with the names of all variables > of that object that should be serialized. > > so, the idea is, only the instance variables identified in the array > returned are marked for serialization. > however, it appears all instance variables are being serialized no matter what. > see the reproducible code below. ive run this on 2 separate php5 > boxes, one w/ 5.2.5, another w/ a 5.2.something.. > > <?php > class A { > public $a1 = 'a1'; > public $a2 = 'a2'; > public $a3 = 'a3'; > > public function __sleep() { > echo __FUNCTION__ . PHP_EOL; > return array('a1', 'a2'); > } > } > > var_dump(unserialize(serialize(new A()))); > ?> > > this is what i get despite having marked only member variables 'a', > and 'b' for serialization. > > __sleep > object(A)#1 (3) { > ["a1"]=> > string(2) "a1" > ["a2"]=> > string(2) "a2" > ["a3"]=> > string(2) "a3" > } > > consensus ? > To check if __sleep is proper, you should be doing var_dump(serialize(new A())); unserialize'ing effectively also does a __wakeup() This should give a clearer picture <?php class A { public $a1 = 'a1'; public $a2 = 'a2'; public $a3 = null; public function __construct(){ $this->a3 = 'a3'; } public function __sleep() { echo __FUNCTION__ . PHP_EOL; return array('a1', 'a2'); } } var_dump(unserialize(serialize(new A()))); ?> __sleep object(A)#1 (3) { ["a1"]=> string(2) "a1" ["a2"]=> string(2) "a2" ["a3"]=> NULL } ============= and ====================== <?php class A { public $a1 = 'a1'; public $a2 = 'a2'; public $a3 = null; public function __construct(){ $this->a3 = 'a3'; } public function __sleep() { echo __FUNCTION__ . PHP_EOL; return array('a1', 'a2', 'a3'); } } var_dump(unserialize(serialize(new A()))); ?> __sleep object(A)#1 (3) { ["a1"]=> string(2) "a1" ["a2"]=> string(2) "a2" ["a3"]=> string(2) "a3" } -- Regards, Anup Shukla

30/01/2008, 02h52	#1
Nathan Nobbe Messages: n/a Hébergeur:	potentially __sleep() bug all, i was playing around w/ some object serialization tonight during further exploration of spl and i stumbled on what appears to be a bug in the behavior of the __sleep() magic method. here is the pertinent documentation on the method ..is supposed to return an array with the names of all variables of that object that should be serialized. so, the idea is, only the instance variables identified in the array returned are marked for serialization. however, it appears all instance variables are being serialized no matter what. see the reproducible code below. ive run this on 2 separate php5 boxes, one w/ 5.2.5, another w/ a 5.2.something.. <?php class A { public $a1 = 'a1'; public $a2 = 'a2'; public $a3 = 'a3'; public function __sleep() { echo __FUNCTION__ . PHP_EOL; return array('a1', 'a2'); } } var_dump(unserialize(serialize(new A()))); ?> this is what i get despite having marked only member variables 'a', and 'b' for serialization. __sleep object(A)#1 (3) { ["a1"]=> string(2) "a1" ["a2"]=> string(2) "a2" ["a3"]=> string(2) "a3" } consensus ? -nathan

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email