This is not a fail. I think you misunderstand what serialize() does. The purpose is to encapsulate the content of an object - be it a string, array or class - and store it in a single string variable.
The PHP manual says this about serialize(): "Returns a string containing a byte-stream representation of value that can be stored anywhere." If you want to pass the serialised bytes around, then you need to either URL-encode them, or store it as a binary string. I am closing this as an invalid bug and removing the security team. ** Changed in: php5 (Ubuntu) Status: New => Invalid -- php5 serialize() function corrupt strings https://bugs.launchpad.net/bugs/310845 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs