News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Reddit.com:
Just a warning, 5.5.13 introduces a backwards incomaptability
June 02, 2014 @ 11:56:16

In this recent post to Reddit.com, they point out a recent change in the core of PHP that could cause problems with backward compatibility: a change in the serialization handling to check for implementation of the Serializable interface.

Strings requiring unserialization of objects are now explicitly checked whether the object they contain implements the Serializable interface. This solves the situation where manipulated strings could be passed for objects using Serializable to disallow serialization. An object implementing Serializable will always start with "C:" in the serialized string, all other objects are represented with starting "O:". Objects implementing Serializable to disable serialization using zend_class_unserialize_deny and zend_class_serialize_deny, when instantiated from the serializer with a manipulated "O:" string at the start, will most likely be defectively initialized. This is now fixed at the appropriate place by checking for the presence of the serialize callback in the class entry.

The change corrects a bug that has been used, in certain cases, as a work-around to create objects without calling the constructor. The correct fix for it, if you're using it in your own applications, is to call ReflectionObject::newInstanceWithoutConstructor.

0 comments voice your opinion now!
backwards compatibility break serialize

Link: http://www.reddit.com/r/PHP/comments/26w42x/just_a_warning_5513_introduces_a_backwards/

blog comments powered by Disqus

Similar Posts

David Goodwin's Blog: Storing PHP objects in a database (please no!)

DevShed: Using the Sleep and Wakeup Functions to Serialize Objects in PHP (Part 2)

Mattias Noback: Backwards compatible bundle releases

Cyberlot\'s Blog: Another PHP BC break

Robert Basic's Blog: A real gem PHP_CompatInfo


Community Events





Don't see your event here?
Let us know!


voicesoftheelephpant interview laravel opinion composer tool version introduction security language list conference framework example symfony library podcast package series community

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework