Re: [PHP-DEV] json_encode ignores protected/private class members
Hi, So I guess the conclusion is: Create a feature request ticket, take the information from this thread and put it into the ticket .. and ideally write a patch yourself or motivate someone else .. regards, Lukas -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] json_encode ignores protected/private class members
Hi Jaris: I don't know if I'm using json_encode for something it's not supposed to do. I'm using it to serialize an object to send it to another runtime-environment in response to an remote call, just like what I can do with SOAP, REST or RMI. In this context I don't see much sense in preventing protected/private data from being transfered. So you are accessing the class from outside. This is exactly the situation where private and protected should not be visible. It's just like you're trying to access private properties from the wrong scope in PHP itself: ?php class c { private $p = 'hidden'; } $o = new c; echo $o-p; // This will fail, as it should. You need to change your architecture to do what you want. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] json_encode ignores protected/private class members
2008/10/9 Rodrigo Saboya [EMAIL PROTECTED]: Jarismar Chaves da Silva wrote: I agree with you. But when using json_encode I believe the developer wants to transfer the complete object state, just like when using serialize. Serialize does see private/protected class members, while json_encode not. Javascript does not have class-accessors so why not convert protected/private to public javascript attributes. In theory only the public members are relevant to anyone except the object itself. If you need information about private/protected members you are either using the wrong visibility for your variables or using json for something it's not supposed to do. -- Rodrigo Saboya -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php A simply userland solution would be to use an abstract base class with json_encode()/json_decode() as public final methods. All classes needing to support json_encode/json_decode would simply need to extend from this base class. No need to add even more magic to the base stdClass. Richard. -- - Richard Quadling Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498r=213474731 Standing on the shoulders of some very clever giants! -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] json_encode ignores protected/private class members
2008/10/10 Jarismar Chaves da Silva [EMAIL PROTECTED]: Rodrigo Saboya wrote: Jarismar Chaves da Silva wrote: I agree with you. But when using json_encode I believe the developer wants to transfer the complete object state, just like when using serialize. Serialize does see private/protected class members, while json_encode not. Javascript does not have class-accessors so why not convert protected/private to public javascript attributes. In theory only the public members are relevant to anyone except the object itself. If you need information about private/protected members you are either using the wrong visibility for your variables or using json for something it's not supposed to do. Yes, of course. But currently json_encode ignores the attributes even if the call is from inside the class. ?php class Person { protected $name; public function __construct($sName) { $this-name = $sName; } public function toJSON() { return json_encode($this); } } $person = new Person('jaris'); print $person-toJSON(); // == will print an empty object e.g. {} ? I don't know if I'm using json_encode for something it's not supposed to do. I'm using it to serialize an object to send it to another runtime-environment in response to an remote call, just like what I can do with SOAP, REST or RMI. In this context I don't see much sense in preventing protected/private data from being transfered. Regards, Jaris. -- Rodrigo Saboya -- *Jarismar Chaves da Silva, M.Sc.* *ADP**Labs** Brazil** [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.adp.com Let's just for example say that class X has the username and password values for the login system. You've made them private as only this class should access them. How are you going to stop the json_encode() from seeing them and passing them on. -- - Richard Quadling Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498r=213474731 Standing on the shoulders of some very clever giants! -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] json_encode ignores protected/private class members
Rodrigo Saboya wrote: Jarismar Chaves da Silva wrote: I agree with you. But when using json_encode I believe the developer wants to transfer the complete object state, just like when using serialize. Serialize does see private/protected class members, while json_encode not. Javascript does not have class-accessors so why not convert protected/private to public javascript attributes. In theory only the public members are relevant to anyone except the object itself. If you need information about private/protected members you are either using the wrong visibility for your variables or using json for something it's not supposed to do. Yes, of course. But currently json_encode ignores the attributes even if the call is from inside the class. ?php class Person { protected $name; public function __construct($sName) { $this-name = $sName; } public function toJSON() { return json_encode($this); } } $person = new Person('jaris'); print $person-toJSON(); // == will print an empty object e.g. {} ? I don't know if I'm using json_encode for something it's not supposed to do. I'm using it to serialize an object to send it to another runtime-environment in response to an remote call, just like what I can do with SOAP, REST or RMI. In this context I don't see much sense in preventing protected/private data from being transfered. Regards, Jaris. -- Rodrigo Saboya -- *Jarismar Chaves da Silva, M.Sc.* *ADP**Labs** Brazil** [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.adp.com
Re: [PHP-DEV] json_encode ignores protected/private class members
Until this gets fixed instead of declaring the properties public you can use a encode method like this: ? class c1 { protected $p1 = 'aa'; public $p2 = 'bb'; public function enc() { //print $this-p1; return json_encode(get_object_vars($this));//this will encode the protected var } } $o = new c1; print $o-enc(); ? On Thu, Oct 9, 2008 at 3:54 PM, Jarismar Chaves da Silva [EMAIL PROTECTED] wrote: Hi internals, Does anyone knows why json_encode ignores protected/public class members ? I've searching about it on documentation an mailing lists but found nothing but workarounds. Until now I'm forced to change my classes to use public members when I need to send a PHP object on e.g. AJAX responses. It would be nice if json_encode also send those attributes or at least have a parameter to whether send non-public attributes or not. Thanks in advance. Jaris. -- *Jarismar Chaves da Silva, M.Sc.* *ADP**Labs** Brazil** [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.adp.com
Re: [PHP-DEV] json_encode ignores protected/private class members
Ok, nice solution, but I still don't see why json_encode ignores protected/private class members. I mean, why we need this feature. Vesselin Kenashkov wrote: Until this gets fixed instead of declaring the properties public you can use a encode method like this: ? class c1 { protected $p1 = 'aa'; public $p2 = 'bb'; public function enc() { //print $this-p1; return json_encode(get_object_vars($this));//this will encode the protected var } } $o = new c1; print $o-enc(); ? On Thu, Oct 9, 2008 at 3:54 PM, Jarismar Chaves da Silva [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi internals, Does anyone knows why json_encode ignores protected/public class members ? I've searching about it on documentation an mailing lists but found nothing but workarounds. Until now I'm forced to change my classes to use public members when I need to send a PHP object on e.g. AJAX responses. It would be nice if json_encode also send those attributes or at least have a parameter to whether send non-public attributes or not. Thanks in advance. Jaris. -- *Jarismar Chaves da Silva, M.Sc.* *ADP**Labs** Brazil** [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.adp.com -- *Jarismar Chaves da Silva, M.Sc.* *ADP**Labs** Brazil** *+55 51 3327 1491 – Direct +55 51 9947 3613 – Mobile [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.adp.com This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.
Re: [PHP-DEV] json_encode ignores protected/private class members
Ok, nice solution, but I still don't see why json_encode ignores protected/private class members. I mean, why we need this feature. Because, in theory, it shouldn't even be able to see those members? Stefan's right. Unless you are in the local scope or inheriting the object you shouldn't be able to see those variables. And I have yet to see classs Name extends json_decode($jsonValues) { } That's the point in having access modifiers. Unless I'm mistaking there's no bug there. -- Slan, David -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] json_encode ignores protected/private class members
I still don't see why json_encode ignores protected/private class members. I mean, why we need this feature. Because, in theory, it shouldn't even be able to see those members? Stefan's right. Unless you are in the local scope or inheriting the object you shouldn't be able to see those variables. And I have yet to see classs Name extends json_decode($jsonValues) { } That's the point in having access modifiers. Unless I'm mistaking there's no bug there. well .. i think this is at least the common use case. then again, json is an encoding format, and i expect that i can get the same object state by decoding. so the expectation to also get non public properties in the json encoded string is not totally crazy. I'd have thought the common use case is that you only want the public class members, unless you're inside the class. It could make sense to have an additional member visibility filter flag of some kind, defaulting to public visibility, but can be set to encode protected or private members as well (for backwards compatibility). It would be nice (I suppose) if it automatically encoded private/protected members as well depending on context, but I'm not sure how complex it would be to add, and how intuitive it would be. I think that the solution given earlier is best though - explicitly encoding the array returned by get_object_vars(). But when using json_encode I believe the developer wants to transfer the complete object state, just like when using serialize. Serialize does see private/protected class members, while json_encode not. If you want to serialize an object, then use the appropriate function. I think that json_encode() has the correct behaviour - encoding only the publicly-visible structure of an object. They have fundamentally different aims. If you want to expose data to an external source (e.g. JavaScript) then surely it would make sense for it to be a public class member? Why would you not want your PHP code to be able to access it? Javascript does not have class-accessors so why not convert protected/private to public javascript attributes. That's true, although it does have convention that members beginning with an underscore are generally understood to be treated as private/protected. Dave -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] json_encode ignores protected/private class members
On 09.10.2008, at 15:45, Dave Ingram wrote: But when using json_encode I believe the developer wants to transfer the complete object state, just like when using serialize. Serialize does see private/protected class members, while json_encode not. If you want to serialize an object, then use the appropriate function. I think that json_encode() has the correct behaviour - encoding only the publicly-visible structure of an object. They have fundamentally different aims. If you want to expose data to an external source (e.g. JavaScript) then surely it would make sense for it to be a public class member? Why would you not want your PHP code to be able to access it? Because JSON is a language agnostic serialization format. Again I agree that in the usual situation you only want public, but the other use case is also quite legit. Having to add such a hack into every class is not very useable, especially until we have traits. regards, Lukas Kahwe Smith [EMAIL PROTECTED] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] json_encode ignores protected/private class members
On Thursday 09 October 2008 15:31:54 Lukas Kahwe Smith wrote: well .. i think this is at least the common use case. then again, json is an encoding format, and i expect that i can get the same object state by decoding. so the expectation to also get non public properties in the json encoded string is not totally crazy. Well, you lose the information about the class anyway, so there is no way to decode it to the previous state without implementing it yourself, and in order to set private/protected attributes, you have to implement it as a method ... and if you do that, it's natural that you also do a member function that does the encoding, so the round-trip argument doesn't really work. however changing this at this point would be a huge security issue, so if at all, it would need to be handled by an optional parameter that defaults to false. That would be unclean. If it's implemented in some way, json_encode should look for the implementation of some interface (JSONEncodable or something) providing encoding/decoding methods (similar to __sleep/__wakeup). Regards, Stefan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] json_encode ignores protected/private class members
Stefan Walk wrote: That would be unclean. If it's implemented in some way, json_encode should look for the implementation of some interface (JSONEncodable or something) providing encoding/decoding methods (similar to __sleep/__wakeup). Looking at our current JSON implementations, such an interface would be very very welcome. If at all possible something like JSONDecodable would be great as well, for restoring class members from json. Ron -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] json_encode ignores protected/private class members
On Thursday 09 October 2008 15:13:43 Jarismar Chaves da Silva wrote: Ok, nice solution, but I still don't see why json_encode ignores protected/private class members. I mean, why we need this feature. Because, in theory, it shouldn't even be able to see those members? Regards, Stefan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] json_encode ignores protected/private class members
however changing this at this point would be a huge security issue, so if at all, it would need to be handled by an optional parameter that defaults to false. That would be unclean. If it's implemented in some way, json_encode should look for the implementation of some interface (JSONEncodable or something) providing encoding/decoding methods (similar to __sleep/__wakeup). I must say that does sound like a very elegant way of doing things. Then the default for __json_encode() would encode the public members, and there would be no default __json_decode(), I suppose. Dave
Re: [PHP-DEV] json_encode ignores protected/private class members
I agree with you. But when using json_encode I believe the developer wants to transfer the complete object state, just like when using serialize. Serialize does see private/protected class members, while json_encode not. Javascript does not have class-accessors so why not convert protected/private to public javascript attributes. Stefan Walk wrote: On Thursday 09 October 2008 15:13:43 Jarismar Chaves da Silva wrote: Ok, nice solution, but I still don't see why json_encode ignores protected/private class members. I mean, why we need this feature. Because, in theory, it shouldn't even be able to see those members? Regards, Stefan -- *Jarismar Chaves da Silva, M.Sc.* *ADP**Labs** Brazil** [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.adp.com
Re: [PHP-DEV] json_encode ignores protected/private class members
On 09.10.2008, at 15:26, David Coallier wrote: Ok, nice solution, but I still don't see why json_encode ignores protected/private class members. I mean, why we need this feature. Because, in theory, it shouldn't even be able to see those members? Stefan's right. Unless you are in the local scope or inheriting the object you shouldn't be able to see those variables. And I have yet to see classs Name extends json_decode($jsonValues) { } That's the point in having access modifiers. Unless I'm mistaking there's no bug there. well .. i think this is at least the common use case. then again, json is an encoding format, and i expect that i can get the same object state by decoding. so the expectation to also get non public properties in the json encoded string is not totally crazy. however changing this at this point would be a huge security issue, so if at all, it would need to be handled by an optional parameter that defaults to false. regards, Lukas Kahwe Smith [EMAIL PROTECTED] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] json_encode ignores protected/private class members
Yes, it like it too. Just like an OOP should be. Dave Ingram wrote: however changing this at this point would be a huge security issue, so if at all, it would need to be handled by an optional parameter that defaults to false. That would be unclean. If it's implemented in some way, json_encode should look for the implementation of some interface (JSONEncodable or something) providing encoding/decoding methods (similar to __sleep/__wakeup). I must say that does sound like a very elegant way of doing things. Then the default for __json_encode() would encode the public members, and there would be no default __json_decode(), I suppose. Dave -- *Jarismar Chaves da Silva, M.Sc.* *ADP**Labs** Brazil** *+55 51 3327 1491 -- Direct +55 51 9947 3613 -- Mobile [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.adp.com This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.
Re: [PHP-DEV] json_encode ignores protected/private class members
Jarismar Chaves da Silva wrote: I agree with you. But when using json_encode I believe the developer wants to transfer the complete object state, just like when using serialize. Serialize does see private/protected class members, while json_encode not. Javascript does not have class-accessors so why not convert protected/private to public javascript attributes. In theory only the public members are relevant to anyone except the object itself. If you need information about private/protected members you are either using the wrong visibility for your variables or using json for something it's not supposed to do. -- Rodrigo Saboya -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php