douxuexiao1748 2010-03-03 21:42

Why do objects turn into strings when other, unrelated objects are serialized?

The server at my old employer was rooted this past weekend, and apparently the server provider made changes to the server which are affecting the PHP code.

The issue that has arisen is related to serializing objects. The objects being serialized, and other objects not being serialized, are being converted to strings, thus breaking the code. This code worked before the server was hacked.

Here is what is happening:

$plate = new Plate();
$plate2 = clone $plate;
echo gettype($plate); // Prints "object"
echo gettype($plate2); // Prints "object"

$_SESSION['plate'] = serialize($plate);

echo gettype($plate); // Prints "string"
echo gettype($plate2); // Prints "string"


$plate = new Plate();
$plate2 = new Plate();
echo gettype($plate); // Prints "object"
echo gettype($plate2); // Prints "object"

$_SESSION['plate'] = serialize($plate);

echo gettype($plate); // Prints "string"
echo gettype($plate2); // Prints "string"

As you can see, the objects, even those not being serialized, are being converted to strings. Any insights?

EDIT: They are running PHP 5.2.12 with register globals on.

1 answer

  • dtye7921 2010-03-03 21:57

    Update: I can reproduce half of your test case on PHP 5.3.1 but only if I have register_globals set to On:

    session_start(); // obviously
    
    class Plate  // to have something on my plate
    {
        var $Member1;
        var $Member2;
    }
    
    $plate = new Plate();
    $plate2 = clone $plate;
    echo gettype($plate); // Prints "object"
    echo gettype($plate2); // Prints "object"
    
    $_SESSION['plate'] = serialize($plate);
    
    echo gettype($plate); // Prints "string"
    echo gettype($plate2); // Prints "object", unlike in your example
    
    $plate = new Plate();
    $plate2 = new Plate();
    echo gettype($plate); // Prints "object"
    echo gettype($plate2); // Prints "object"
    $_SESSION['plate'] = serialize($plate);
    
    echo gettype($plate); // Prints "string"
    echo gettype($plate2); // Prints "object", unlike in your example
    

    $plate2 always remains untouched for me. Maybe you have a funny $plate2 = &something reference somewhere? Is this actual code? What does my code snippet do on your system?

    I think the buggy part has to do with that $_SESSION bug (or side-effect) that treats uninitialized variables in $_SESSION as global variables. See this SO question. Changing the name of the session variable to something else will remedy this.

    $_SESSION['session_plate'] = serialize($plate);  // $plate will remain unharmed
    

    If setting register_globals to On was the change the provider made, then you should also go beat up your provider.

    This answer was selected as the best answer by the asker.
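
Added example, not part of the original answer: register_globals was removed in PHP 5.4, so this code models the aliasing the answer describes with an explicit reference between a stand-in session array and a stand-in global scope. The names storeInSession, typesAfterStore and registerGlobalsEnabled, and the $session and $globals arrays, are hypothetical.

```php
<?php
// Added example: models the register_globals aliasing with an explicit reference.
// $session and $globals are hypothetical stand-ins for $_SESSION and global scope.

class Plate
{
    public $Member1;
    public $Member2;
}

// ini_get() returns false on PHP >= 5.4, where the directive no longer exists.
function registerGlobalsEnabled(): bool
{
    return filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
}

// Store a serialized copy of $object under $key. With $aliased = true the session
// entry is first bound by reference to the same-named global (the modelled behaviour).
function storeInSession(array &$session, array &$globals, string $key, $object, bool $aliased): void
{
    if ($aliased && array_key_exists($key, $globals)) {
        $session[$key] = &$globals[$key];
    }
    $session[$key] = serialize($object); // writes through the reference when bound
}

// Types of the stand-in globals $plate and $plate2 after the session write.
function typesAfterStore(string $sessionKey, bool $aliased): array
{
    $globals = ['plate' => new Plate()];
    $globals['plate2'] = clone $globals['plate'];
    $session = [];
    storeInSession($session, $globals, $sessionKey, $globals['plate'], $aliased);
    return [gettype($globals['plate']), gettype($globals['plate2'])];
}

$cases = [
    ['plate', true, ['string', 'object']],          // colliding key, aliasing on
    ['session_plate', true, ['object', 'object']],  // renamed key, aliasing on
    ['plate', false, ['object', 'object']],         // colliding key, aliasing off
];
foreach ($cases as [$key, $aliased, $expected]) {
    if (typesAfterStore($key, $aliased) !== $expected) {
        throw new RuntimeException("unexpected types for session key '$key'");
    }
}
if (registerGlobalsEnabled()) {
    error_log('register_globals is On: session keys alias same-named globals');
}
```

The registerGlobalsEnabled() check is the part worth running at application start on a PHP 5.3 or older host, since a provider-side configuration change like the one in the question is otherwise silent.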
