[Bug 310845] [NEW] php5 serialize() function corrupt strings
sir_gon
gnzsquall at gmail.com
Tue Dec 23 09:11:04 GMT 2008
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: libapache2-mod-php5
Package: PHP5: Version: 5.2.6-2ubuntu4
Ubuntu: 8.10 Intrepid Ibex
If a common object with protected or private properties is serialized, the returned string includes invalid characters.
This problem could affect any PHP web services on an Ubuntu-based server.
Example script serializeTest.php:
/////////////////////////////
<?php
class Something
{
    public $a = '123';
    protected $b = 'abc';
    private $c = 'xyz';
}

$data = new Something();
var_dump( $data ); // <= OK
var_dump( serialize($data) ); // <= Show invalid characters
/////////////////////////////
If I run the same script in php5-cgi, the problem does not happen.
I also tried it on a hosting service with PHP 5.2.6, and the problem does not happen there either.
** Affects: php5 (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
php5 serialize() function corrupt strings
https://bugs.launchpad.net/bugs/310845
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
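
An added example, not part of the original report: a script that makes the non-printable bytes in the serialize() output visible and checks whether the string survives a round trip. It relies on documented PHP behaviour (serialized private member names are prefixed with the class name and protected ones with `*`, each with a NUL byte on either side); `show_bytes()` is a hypothetical helper and the NUL-stripping channel is a constructed scenario.

```php
<?php
// Added example: inspect serialize() output byte by byte.
// The class mirrors the one in the report; show_bytes() is a hypothetical helper.
class Something
{
    public $a = '123';
    protected $b = 'abc';
    private $c = 'xyz';
}

// Escape control bytes and bytes >= 0x7f as octal (\000 for NUL) so they
// are readable in a terminal, a log file or a browser.
function show_bytes($s)
{
    return addcslashes($s, "\0..\37\177..\377");
}

$raw = serialize(new Something());

echo "escaped   : ", show_bytes($raw), "\n";
echo "NUL bytes : ", substr_count($raw, "\0"), "\n";

// Round trip on the untouched string: the object should come back intact.
$copy = unserialize($raw);
echo "round trip: ", ($copy == new Something() ? "ok" : "FAILED"), "\n";

// Simulate a text-only channel that drops NUL bytes (constructed scenario).
// The declared name lengths no longer match, so unserialize() returns false.
$stripped = str_replace("\0", '', $raw);
echo "stripped  : ", (@unserialize($stripped) === false ? "rejected" : "accepted"), "\n";

// Binary-safe transport: encode before the string leaves PHP, decode on return.
$wire = base64_encode($raw);
$back = unserialize(base64_decode($wire));
echo "base64    : ", ($back == new Something() ? "ok" : "FAILED"), "\n";
```

Running it under both the Apache module and php5-cgi and comparing the escaped lines shows whether the two SAPIs return different bytes or only display them differently.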