PHP Nested Serialization Bug
<?php
// Possibly related:
// https://wiki.php.net/rfc/custom_object_serialization (Problems with existing custom object serialization mechanism)
// https://bugs.php.net/bug.php?id=76632
// https://bugs.php.net/bug.php?id=66052
// https://externals.io/message/98834
/**
 * Minimal Serializable base class used to show nested custom serialization.
 *
 * The Serializable interface is what this gist is exercising: since PHP 8.1 a
 * class implementing it without also providing __serialize()/__unserialize()
 * triggers a deprecation notice, so this reproduction targets older behaviour.
 */
class ABase implements Serializable
{
    /**
     * Emit the base-class payload as an independent serialized string.
     *
     * @return string serialize(['base'])
     */
    public function serialize()
    {
        $payload = ['base'];

        return serialize($payload);
    }

    /**
     * Intentionally a no-op: the base payload carries nothing worth restoring.
     *
     * @param string $data the string produced by serialize()
     * @return void
     */
    public function unserialize($data)
    {
        // Nothing to restore; the base payload is a fixed marker.
    }
}
/**
 * Subclass whose custom payload nests the parent's serialized string and an
 * object (C) that is also referenced from elsewhere in the session.
 */
class A extends ABase
{
    /** @var C|null the shared object; B holds a reference to the same instance */
    public $c = null;

    public function __construct()
    {
        $this->c = new C();
    }

    /**
     * Serialize as a two-element list: [C instance, parent payload string].
     *
     * The inner serialize() call runs while the outer (session) serialization is
     * in progress; presumably that is what makes the shared reference to $c from
     * B problematic — the references cited at the top of the file discuss this.
     *
     * @return string
     */
    public function serialize()
    {
        $basePayload = parent::serialize();

        return serialize([$this->c, $basePayload]);
    }

    /**
     * Restore from the payload produced by serialize().
     *
     * The nested unserialize() is applied to data that came out of the server's
     * own session store, not directly from a client; no allowed_classes
     * restriction is passed, so any class name in the payload would be
     * instantiated.
     *
     * @param string $data
     * @return void
     */
    public function unserialize($data)
    {
        $parts = unserialize($data);
        $this->c = $parts[0];
        parent::unserialize($parts[1]);
    }
}
/**
 * Plain (non-Serializable) holder that shares the same C instance as A, so the
 * session contains two references to one object, one of them inside A's
 * custom payload.
 */
class B
{
    /** @var C|null */
    public $c = null;

    /**
     * @param C $c the instance to share with A
     */
    public function __construct(C $c)
    {
        $this->c = $c;
    }
}
/**
 * Trivial value class serialized the default way; its only purpose is to be
 * the object shared between A and B. The private property shape is kept
 * as-is because the serialized representation is what is under test.
 */
class C
{
    /** @var int */
    private $var = 1;
}
// Reproduction: encode a session holding A (custom Serializable payload) and B
// (shares A's C instance), then decode the same string back.
// Force the classic 'php' session serializer rather than php_serialize, since the
// handler determines how the two references to C are written.
ini_set('session.serialize_handler', 'php');

// session_start() must run before any output is sent.
session_start();

$a = new A();
$_SESSION['a'] = $a;
$_SESSION['b'] = new B($a->c);

$sessionData = session_encode();
// print $sessionData . PHP_EOL;

$decoded = session_decode($sessionData);
if ($decoded === false) {
    print 'Unserialization failed.' . PHP_EOL;
}