News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Reddit.com:
Just a warning, 5.5.13 introduces a backwards incomaptability
June 02, 2014 @ 11:56:16

In this recent post to Reddit.com, they point out a recent change in the core of PHP that could cause problems with backward compatibility: a change in the serialization handling to check for implementation of the Serializable interface.

Strings requiring unserialization of objects are now explicitly checked whether the object they contain implements the Serializable interface. This solves the situation where manipulated strings could be passed for objects using Serializable to disallow serialization. An object implementing Serializable will always start with "C:" in the serialized string, all other objects are represented with starting "O:". Objects implementing Serializable to disable serialization using zend_class_unserialize_deny and zend_class_serialize_deny, when instantiated from the serializer with a manipulated "O:" string at the start, will most likely be defectively initialized. This is now fixed at the appropriate place by checking for the presence of the serialize callback in the class entry.

The change corrects a bug that has been used, in certain cases, as a work-around to create objects without calling the constructor. The correct fix for it, if you're using it in your own applications, is to call ReflectionObject::newInstanceWithoutConstructor.

0 comments voice your opinion now!
backwards compatibility break serialize

Link: http://www.reddit.com/r/PHP/comments/26w42x/just_a_warning_5513_introduces_a_backwards/

blog comments powered by Disqus

Similar Posts

Phil Sturgeon's Blog: PHP Format abstraction with a simple class

DevShed: Fetching Search Results as Serialized Arrays with Yahoo Web Services and PHP 5

Shanku Niyogi\'s Blog: Using Atlas with PHP

Typical Programmer Blog: Doing it wrong: getters and setters

Elated.com: Object-Oriented PHP: Autoloading, Serializing, and Querying Objects


Community Events





Don't see your event here?
Let us know!


unittest community framework install refactor release list laravel introduction language symfony2 code api testing interview opinion podcast threedevsandamaybe series developer

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework