*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: libapache2-mod-php5 Package: PHP5: Version: 5.2.6-2ubuntu4 Ubuntu: 8.10 Intrepid Ibex If a common object with protected or private properties is serialized, the returned string includes invalid characters. This problem could affect the any php webservices on a Ubuntu based server. Example script serializeTest.php: ///////////////////////////// <?php class Something { public $a = '123'; protected $b = 'abc'; private $c = 'xyz'; } $data = new Something(); var_dump( $data ); // <= OK var_dump( serialize($data) ); // <= Show invalid characters ///////////////////////////// If I running the same script in php5-cgi, the problem does not happen. Also I tried in hosting with php 5.2.6, and it does not happen the problems either. ** Affects: php5 (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- php5 serialize() function corrupt strings https://bugs.launchpad.net/bugs/310845 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs