[Bug 310845] Re: php5 serialize() function corrupt strings

Onno Benschop onno at itmaze.com.au
Tue Dec 23 23:37:59 GMT 2008


This is not a fail.

I think you misunderstand what serialize() does. The purpose is to
encapsulate the content of an object - be it a string, array or class -
and store it in a single string variable.

The PHP manual says this about serialize():

"Returns a string containing a byte-stream representation of value that
can be stored anywhere."

If you want to pass the serialised bytes around, then you need to either
URL-encode them, or store it as a binary string.

I am closing this as an invalid bug and removing the security team.

** Changed in: php5 (Ubuntu)
       Status: New => Invalid

-- 
php5 serialize() function corrupt strings
https://bugs.launchpad.net/bugs/310845
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.



More information about the Ubuntu-server-bugs mailing list