douxuexiao1748 2010-03-03 21:42

Why do objects become strings when other, unrelated objects are serialized?

The server at my old employer was rooted this past weekend and apparently the server provider made changes to the server which is affecting the PHP code.

The issue that has arisen is related to serializing objects. The objects being serialized, and other objects not being serialized, are being converted to strings thus breaking the code. This code worked before the server was hacked.

Here is what is happening:

$plate = new Plate();
$plate2 = clone $plate;
echo gettype($plate); // Prints "object"
echo gettype($plate2); // Prints "object"

$_SESSION['plate'] = serialize($plate);

echo gettype($plate); // Prints "string"
echo gettype($plate2); // Prints "string"


$plate = new Plate();
$plate2 = new Plate();
echo gettype($plate); // Prints "object"
echo gettype($plate2); // Prints "object"

$_SESSION['plate'] = serialize($plate);

echo gettype($plate); // Prints "string"
echo gettype($plate2); // Prints "string"

As you can see the objects, even those not being serialized, are being converted to strings. Any insights?

EDIT: They are running PHP 5.2.12 with register globals on.

  • dtye7921 2010-03-03 21:57

    Update: I can reproduce half of your test case on PHP 5.3.1 but only if I have register_globals set to On:

    session_start(); // obviously
    
    class Plate  // to have something on my plate
     {
    
        var $Member1;
        var $Member2;
    
     }
    
    $plate = new Plate();
    $plate2 = clone $plate;
    echo gettype($plate); // Prints "object"
    echo gettype($plate2); // Prints "object"
    
    $_SESSION['plate'] = serialize($plate);
    
    echo gettype($plate); // Prints "string"
    echo gettype($plate2); // Prints "object", unlike in your example
    
    $plate = new Plate();
    $plate2 = new Plate();
    echo gettype($plate); // Prints "object"
    echo gettype($plate2); // Prints "object"
    $_SESSION['plate'] = serialize($plate);
    
    echo gettype($plate); // Prints "string"
    echo gettype($plate2); // Prints "object", unlike in your example
    

    $plate2 always remains untouched for me. Maybe you have a funny $plate2 = &something reference somewhere? Is this actual code? What does my code snippet do on your system?

    I think the buggy part has to do with that $_SESSION bug (or side-effect) that treats uninitialized variables in $_SESSION as global variables. See this SO question. Changing the name of the session variable to something else will remedy this.

    $_SESSION['session_plate'] = serialize($plate);  // $plate will remain unharmed
    

    If setting register_globals to On was the change the provider made, then you should also go beat up your provider.
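
A static check for the name collision the answer describes, as an added example that is not part of the thread: it lists $_SESSION keys that share a name with an ordinary variable in the same PHP file, the pattern that matters while register_globals is on. The sample source is constructed from the thread's snippets, find_session_collisions is a hypothetical helper, and the regex scan is an assumption-laden shortcut that does not parse PHP comments or strings.

```python
import re

# Constructed sample, modelled on the snippets in the thread.
SAMPLE_PHP = """<?php
session_start();
$plate = new Plate();
$plate2 = clone $plate;
$_SESSION['plate'] = serialize($plate);
$_SESSION["session_plate"] = serialize($plate2);
$_SESSION['cart'] = array();
"""

# $_SESSION['name'] or $_SESSION["name"] with a literal identifier key.
SESSION_KEY = re.compile(r"""\$_SESSION\[\s*(['"])([A-Za-z_][A-Za-z0-9_]*)\1\s*\]""")
# Any $name variable reference.
VARIABLE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")
# Names that are never ordinary user variables.
IGNORED = {"GLOBALS", "_SESSION", "_GET", "_POST", "_COOKIE",
           "_FILES", "_SERVER", "_ENV", "_REQUEST", "this"}


def find_session_collisions(php_source):
    """Map each colliding name to the lines where it is used as a
    session key and as a plain variable."""
    session_lines, variable_lines = {}, {}
    for lineno, line in enumerate(php_source.splitlines(), 1):
        for match in SESSION_KEY.finditer(line):
            session_lines.setdefault(match.group(2), []).append(lineno)
        for match in VARIABLE.finditer(line):
            name = match.group(1)
            if name not in IGNORED:
                variable_lines.setdefault(name, []).append(lineno)
    return {
        name: {"session_lines": session_lines[name],
               "variable_lines": variable_lines[name]}
        for name in sorted(session_lines)
        if name in variable_lines
    }


if __name__ == "__main__":
    for name, hit in find_session_collisions(SAMPLE_PHP).items():
        print("$_SESSION['%s'] (line %s) shares its name with $%s (lines %s)"
              % (name, hit["session_lines"], name, hit["variable_lines"]))
```

Only 'plate' is reported for the sample; the renamed 'session_plate' key and the 'cart' key have no same-named variable and are left alone.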
