Edit report at http://bugs.php.net/bug.php?id=49800&edit=1
ID: 49800 Comment by: admin at fazigame dot com Reported by: wmeler at wp-sa dot pl Summary: SimpleXML allow serialize() calls without warning Status: Closed Type: Bug Package: SimpleXML related Operating System: any PHP Version: 5.3.0 New Comment: Well I have problem because I have serialize(debug_backtrace()) and in backtrace I have simplexml and I got error "Serialization of 'SimpleXMLElement' is not allowed" I can do for each all backtrace and remove this but shoudl be able to seriazlie backtrace... Previous Comments: ------------------------------------------------------------------------ [2009-10-07 12:46:37] il...@php.net This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. ------------------------------------------------------------------------ [2009-10-07 12:46:30] s...@php.net Automatic comment from SVN on behalf of iliaa Revision: http://svn.php.net/viewvc/?view=revision&revision=289279 Log: Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning). # original patch by wmeler at wp-sa dot pl ------------------------------------------------------------------------ [2009-10-07 09:09:44] wmeler at wp-sa dot pl Description: ------------ simplexml allows serialization which can (and should) be easily forbidden with following patch --- php-5.3.0/ext/simplexml/simplexml.c 2009-06-11 11:41:15.000000000 +0200 +++ arisphp5/php/ext/simplexml/simplexml.c 2009-10-06 18:39:54.000652000 +0200 @@ -2526,6 +2526,8 @@ sxe_class_entry = zend_register_internal_class(&sxe TSRMLS_CC); sxe_class_entry->get_iterator = php_sxe_get_iterator; sxe_class_entry->iterator_funcs.funcs = &php_sxe_iterator_funcs; + sxe_class_entry->serialize = zend_class_serialize_deny; + sxe_class_entry->unserialize = zend_class_unserialize_deny; zend_class_implements(sxe_class_entry TSRMLS_CC, 1, zend_ce_traversable); sxe_object_handlers.get_method = zend_get_std_object_handlers()->get_method; sxe_object_handlers.get_constructor = zend_get_std_object_handlers()->get_constructor; Reproduce code: --------------- <? echo serialize(simplexml_load_string("<xml/>")); Expected result: ---------------- Exception: Serialization of 'SimpleXMLElement' is not allowed in ... Actual result: -------------- O:16:"SimpleXMLElement":0:{} ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=49800&edit=1
