[Bug 310845] Re: php5 serialize() function corrupt strings

2008-12-23 Thread Onno Benschop
Can you please show the actual output of the script?

Also, your script doesn't show the unserialized version of the data.

I suggest you add the following to your script and show the output:

$blob = serialize($data) ;
$new_data = unserialize($blob) ;
var_dump($new_data) ;

-- 
php5 serialize() function corrupt strings
https://bugs.launchpad.net/bugs/310845
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 310845] Re: php5 serialize() function corrupt strings

2008-12-23 Thread sir_gon
OK, adding these lines, I got this output:

///
object(Something)[1]
  public 'a' => string '123' (length=3)
  protected 'b' => string 'abc' (length=3)
  private 'c' => string 'xyz' (length=3)

string
'O:9:"Something":3:{s:1:"a";s:3:"123";s:4:"�*�b";s:3:"abc";s:12:"�Something�c";s:3:"xyz";}'
(length=89)

object(Something)[2]
  public 'a' => string '123' (length=3)
  protected 'b' => string 'abc' (length=3)
  private 'c' => string 'xyz' (length=3)
///

The unserialize process doesn't fail. Only the serialized string has wrong characters.

The problem is that I'm working on an algorithm which requires hashing the
serialized string, with the data stored externally (cookies, database,
files, ...). When comparing the hash on the server with the problem against
the hash stored in external storage, they do not match.

Testing the same algorithm on another server with the same version of
PHP produces no fault and gets the desired result.

I also tried installing the PHP packages, rebuilt with the command:

apt-get source -b libapache2-mod-php5

But it gave the same result.

More info:
If the serialized string is passed to other functions (such as encrypt and
decrypt with mcrypt), apparently the string is clean of these strange
characters.

PS: 2 friends with Ubuntu 8.10 have confirmed the failure.



[Bug 310845] Re: php5 serialize() function corrupt strings

2008-12-23 Thread Onno Benschop
This is not a fail.

I think you misunderstand what serialize() does. The purpose is to
encapsulate the content of an object - be it a string, array or class -
and store it in a single string variable.

The PHP manual says this about serialize():

Returns a string containing a byte-stream representation of value that
can be stored anywhere.

If you want to pass the serialised bytes around, then you need to either
URL-encode them, or store them as a binary string.

I am closing this as an invalid bug and removing the security team.

** Changed in: php5 (Ubuntu)
   Status: New => Invalid



[Bug 310845] Re: php5 serialize() function corrupt strings

2008-12-23 Thread Onno Benschop
** This bug is no longer flagged as a security issue
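
Added example, not part of the original thread or the reporter's script: it shows the NUL bytes that serialize() emits around protected and private property names, why a hash over them stops matching once a text-only store drops them, and a binary-safe way to store and verify the blob. It assumes PHP 7 or later; `KEY`, `pack_blob` and `unpack_blob` are hypothetical names, and the `str_replace` call is a constructed stand-in for a lossy store.

```php
<?php
// Added example, not code from the bug report. The class mirrors the
// reporter's var_dump; the key and the lossy channel are constructed.
class Something {
    public $a = '123';
    protected $b = 'abc';
    private $c = 'xyz';
}

const KEY = 'constructed-demo-key'; // placeholder; load a real secret from config

// Pack for text-only storage (cookie, text column): base64 keeps the NUL
// bytes intact, and the HMAC is computed over the raw serialized bytes.
function pack_blob($value) {
    $raw = serialize($value);
    return base64_encode($raw) . '.' . hash_hmac('sha256', $raw, KEY);
}

// Verify the MAC before unserialize() ever sees the data; null on any failure.
function unpack_blob($packed) {
    $parts = explode('.', $packed, 2);
    if (count($parts) !== 2) return null;
    $raw = base64_decode($parts[0], true);
    if ($raw === false) return null;
    if (!hash_equals(hash_hmac('sha256', $raw, KEY), $parts[1])) return null;
    return unserialize($raw, ['allowed_classes' => ['Something']]);
}

$raw = serialize(new Something());
echo strlen($raw), " bytes, ", substr_count($raw, "\0"), " NUL bytes\n";
echo addcslashes($raw, "\0"), "\n"; // escape the NULs so they are visible

// Constructed stand-in for a store that silently drops NUL bytes.
$mangled = str_replace("\0", '', $raw);
var_dump(hash('sha256', $raw) === hash('sha256', $mangled)); // intact vs. mangled digest

// Round trip through the binary-safe packing, compared with a fresh object.
$restored = unpack_blob(pack_blob(new Something()));
var_dump($restored == new Something());

// A mangled payload carrying the original MAC is rejected before unserialize().
var_dump(unpack_blob(base64_encode($mangled) . '.' . hash_hmac('sha256', $raw, KEY)));
```

The NUL bytes are part of the format (`\0*\0` marks a protected property, `\0ClassName\0` a private one), so any hash or MAC has to be computed over the exact bytes that are later compared.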


