This is not a fail. I think you misunderstand what serialize() does. The purpose is to encapsulate the content of an object - be it a string, array or class - and store it in a single string variable.
The PHP manual says this about serialize(): "Returns a string containing a byte-stream representation of value that can be stored anywhere." If you want to pass the serialised bytes around, then you need to either URL-encode them, or store it as a binary string. I am closing this as an invalid bug and removing the security team. ** Changed in: php5 (Ubuntu) Status: New => Invalid -- php5 serialize() function corrupt strings https://bugs.launchpad.net/bugs/310845 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs