Giter Site home page Giter Site logo

Comments (4)

golgote avatar golgote commented on July 19, 2024

I forgot to mention that I am running PHP 5.6.6.
Thanks.

from msgpack-php.

joeyhub avatar joeyhub commented on July 19, 2024

A five second scan and here is something dodgy already:
zend_hash_internal_pointer_reset_ex(htval, &valpos);
for (;; zend_hash_move_forward_ex(htval, &valpos))

The lib could probably be sped up with foreach a as v, k in C and the key check for non-existent removed altogether.

from msgpack-php.

joeyhub avatar joeyhub commented on July 19, 2024 
# php -r 'echo msgpack_pack(["acl_user" => ["id"=>"NGwnGUqwsr","status"=>2]]);' | xxd
0000000: 81a8 6163 6c5f 7573 6572 82a2 6964 aa4e  ..acl_user..id.N
0000010: 4777 6e47 5571 7773 72a6 7374 6174 7573  GwnGUqwsr.status
0000020: 02                                       .

# php -dsession.serialize_handler=msgpack -r 'session_start();$_SESSION=["acl_user" => ["id"=>"NGwnGUqwsr","status"=>2]]; echo session_encode();session_destroy();' | xxd
0000000: 82c0 01a8 6163 6c5f 7573 6572 82a2 6964  ....acl_user..id
0000010: aa4e 4777 6e47 5571 7773 72a6 7374 6174  .NGwnGUqwsr.stat
0000020: 7573 02                                  us.

It's specific to sessions and in php 5.4.

from msgpack-php.

Sean-Der avatar Sean-Der commented on July 19, 2024

Hey @golgote @joeyhub

So, this comes down to the fact that http_session_vars is a reference.

Later when this array is packed we pack the reference appropriately .

Since you are just passing these values to redis, and you don't need the ref 'extension type' you could/should(?) just use ini_set('msgpack.php_only', 0);

I made the following test case to confirm this behavior. Flip msgpack.php_only to see the changes.

ini_set('session.serialize_handler', 'msgpack');
ini_set('msgpack.php_only', 0);

$input = [
    "acl_user" => [
        "id"=>"NGwnGUqwsr",
        "status"=>2
    ]
];


$std_serialize = msgpack_pack($input);

session_start();
$_SESSION = $input;
$session_serialize = session_encode();
session_destroy();

echo $std_serialize === $session_serialize ? 'OK' : 'ERROR', PHP_EOL;
echo bin2hex($std_serialize), PHP_EOL;
echo bin2hex($session_serialize), PHP_EOL;

I think this is a WONTFIX @laruence opinions? Everyone feel free to reopen if you aren't satisfied with this answer. Since we are dealing with outside deserialization this seems like the proper usage

from msgpack-php.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.