Resources and object resources

  115902
August 31, 2021 13:56 come.chilliet@fusiondirectory.org (=?UTF-8?B?Q8O0bWU=?= Chilliet)
Hello,

Resources cannot be serialized.
This is mentionned on https://www.php.net/manual/en/function.serialize.php ,
 but one can easily miss it.
The information does not seem to appear on
https://www.php.net/manual/en/language.oop5.serialization.php and
https://www.php.net/manual/en/language.types.resource.php

And nowhere does it says what happens if you serialize an object with a
 resource in a property.

Now most resources are replaced by classes in the recent versions of PHP.
Because of this, it is advised to replace tests like
(is_resource($object->res)) with ($object->res !== FALSE).

So, I tried to do this in my application with LDAP connections, which will be
objects in PHP 8.1.

And the application broke, because when unserializing from session an object
containting an LDAP connection, the property is set to int(0). So is_resource()
and !== FALSE will not have the same result.

I cannot find any documentation page mentionning that resources are turned into
int(0) upon serialization.

It seems to be consistent accross versions: https://3v4l.org/BHtAh

But what will happen when LDAP connections are turned into objects in 8.1? Will
they also become int(0) upon serialization or will they behave in an other way?
I could not find a case of resource that became an object and is allowed on
3v4l to test this. There is no LDAP or CURL in there.

Côme
  115903
August 31, 2021 14:16 come.chilliet@fusiondirectory.org (=?UTF-8?B?Q8O0bWU=?= Chilliet)
Le Tue, 31 Aug 2021 15:56:42 +0200,
Côme Chilliet chilliet@fusiondirectory.org> a écrit :
> It seems to be consistent accross versions: https://3v4l.org/BHtAh > > But what will happen when LDAP connections are turned into objects in 8.1? > Will they also become int(0) upon serialization or will they behave in an > other way? I could not find a case of resource that became an object and is > allowed on 3v4l to test this. There is no LDAP or CURL in there.
Quick followup on this, I found a case that can be tested on 3v4l: https://3v4l.org/EKFP0 -> Fatal error: Uncaught Exception: Serialization of 'XMLParser' is not allowed in /in/EKFP0:13 So it seems objects of this kind throw when serialized (I hope they all do that). It is not clear to me how that behaves with session, will it throw as soon as affected to $_SESSION, or at the end of the request? https://www.php.net/manual/en/class.xmlparser.php -> does fully opaque implies non serializable?
  115904
August 31, 2021 14:26 nikita.ppv@gmail.com (Nikita Popov)
On Tue, Aug 31, 2021 at 4:16 PM Côme Chilliet <
come.chilliet@fusiondirectory.org> wrote:

> Le Tue, 31 Aug 2021 15:56:42 +0200, > Côme Chilliet chilliet@fusiondirectory.org> a écrit : > > It seems to be consistent accross versions: https://3v4l.org/BHtAh > > > > But what will happen when LDAP connections are turned into objects in > 8.1? > > Will they also become int(0) upon serialization or will they behave in an > > other way? I could not find a case of resource that became an object and > is > > allowed on 3v4l to test this. There is no LDAP or CURL in there. > > Quick followup on this, I found a case that can be tested on 3v4l: > https://3v4l.org/EKFP0 > > -> Fatal error: Uncaught Exception: Serialization of 'XMLParser' is not > allowed > in /in/EKFP0:13 > > So it seems objects of this kind throw when serialized (I hope they all do > that).
Unless we made a mistake somewhere, yes, all "resource-like" objects are not serializable and will throw an attempted serialization or unserialization.
> It is not clear to me how that behaves with session, will it throw as > soon as affected to $_SESSION, or at the end of the request? >
Storing it in $_SESSION temporarily should work fine, it will only throw when the session is serialized. Regards, Nikita