Module: PHP

Defined in:
lib/php_serialize.rb

Overview

PHP serialize() and unserialize() workalikes

Release History:

1.0.0 - 2003-06-02 - First release.
1.0.1 - 2003-06-16 - Minor bugfixes.
1.0.2 - 2004-09-17 - Switch all {}'s to explicit Hash.new's.
1.1.0 - 2009-04-01 - Pass assoc to recursive calls (thanks to Edward Speyer).
                   - Serialize Symbol like String.
                   - Add testsuite.
                   - Instantiate auto-generated Structs properly (thanks
                     to Philip Hallstrom).
                   - Unserialize arrays properly in assoc mode.
                   - Add PHP session support (thanks to TJ Vanderpoel).
                   - Release as tarball and gem.

See www.php.net/serialize and www.php.net/unserialize for details on the PHP side of all this.

Class Method Summary collapse

Class Method Details

.serialize(var, assoc = false) ⇒ Object

as a PHP associative array rather than a multidimensional array.



53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# File 'lib/php_serialize.rb', line 53

def PHP.serialize(var, assoc = false) # {{{
	s = ''
	case var
		when Array
			s << "a:#{var.size}:{"
			if assoc and var.first.is_a?(Array) and var.first.size == 2
				var.each { |k,v|
					s << PHP.serialize(k, assoc) << PHP.serialize(v, assoc)
				}
			else
				var.each_with_index { |v,i|
					s << "i:#{i};#{PHP.serialize(v, assoc)}"
				}
			end

			s << '}'

		when Hash
			s << "a:#{var.size}:{"
			var.each do |k,v|
				s << "#{PHP.serialize(k, assoc)}#{PHP.serialize(v, assoc)}"
			end
			s << '}'

		when Struct
			# encode as Object with same name
			s << "O:#{var.class.to_s.length}:\"#{var.class.to_s.downcase}\":#{var.members.length}:{"
			var.members.each do |member|
				s << "#{PHP.serialize(member, assoc)}#{PHP.serialize(var[member], assoc)}"
			end
			s << '}'

		when String, Symbol
			s << "s:#{var.to_s.bytesize}:\"#{var.to_s}\";"

		when Fixnum # PHP doesn't have bignums
			s << "i:#{var};"

		when Float
			s << "d:#{var};"

		when NilClass
			s << 'N;'

		when FalseClass, TrueClass
			s << "b:#{var ? 1 :0};"

		else
			if var.respond_to?(:to_assoc)
				v = var.to_assoc
				# encode as Object with same name
				s << "O:#{var.class.to_s.length}:\"#{var.class.to_s.downcase}\":#{v.length}:{"
				v.each do |k,v|
					s << "#{PHP.serialize(k.to_s, assoc)}#{PHP.serialize(v, assoc)}"
				end
				s << '}'
			else
				raise TypeError, "Unable to serialize type #{var.class}"
			end
	end

	s
end

.serialize_session(var, assoc = false) ⇒ Object

string = PHP.serialize_session(mixed var[, bool assoc])

Like PHP.serialize, but only accepts a Hash or associative Array as the root type. The results are returned in PHP session format.



121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# File 'lib/php_serialize.rb', line 121

def PHP.serialize_session(var, assoc = false) # {{{
	s = ''
	case var
	when Hash
		var.each do |key,value|
			if key.to_s =~ /\|/
				raise IndexError, "Top level names may not contain pipes"
			end
			s << "#{key}|#{PHP.serialize(value, assoc)}"
		end
	when Array
		var.each do |x|
			case x
			when Array
				if x.size == 2
					s << "#{x[0]}|#{PHP.serialize(x[1])}"
				else
					raise TypeError, "Array is not associative"
				end
			end
		end
	else
		raise TypeError, "Unable to serialize sessions with top level types other than Hash and associative Array"
	end
	s
end

.serialized?(string) ⇒ Boolean

Tests if an input is valid PHP serialized string.

Checks if a string is serialized using quick string manipulation to throw out obviously incorrect strings.

stackoverflow.com/questions/1369936/check-to-see-if-a-string-is-serialized

Returns:

  • (Boolean)


220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
# File 'lib/php_serialize.rb', line 220

def PHP.serialized?(string)
  # If it isn't a string, it isn't serialized
  return false unless string.instance_of? String

  # Remove any trailing whitespace
  string.chomp!

  # Serialized FALSE, return TRUE. unserialize() returns FALSE on an
  # invalid string or it could return FALSE if the string is serialized
  # FALSE, eliminate that possibility.
  return true if 'b:0;' === string

  return true if 'N;' === string

  badions = /^([adObis]):/.match(string)
  return false if badions.nil?

  case badions[1]
  when 'a', 'O', 's'
    return true unless (/^#{badions[1]}:[0-9]+:.*[;}]$/m =~ string).nil?
  when 'b', 'i', 'd'
    return true unless (/^#{badions[1]}:[0-9.E-]+;$/ =~ string).nil?
  end

  false
end

.unserialize(string, classmap = nil, assoc = false) ⇒ Object

mixed = PHP.unserialize(string serialized, [hash classmap, [bool assoc]])

Returns an object containing the reconstituted data from serialized.

If a PHP array (associative; like an ordered hash) is encountered, it scans the keys; if they’re all incrementing integers counting from 0, it’s unserialized as an Array, otherwise it’s unserialized as a Hash. Note: this will lose ordering. To avoid this, specify assoc=true, and it will be unserialized as an associative array: [[key,value],…]

If a serialized object is encountered, the hash ‘classmap’ is searched for the class name (as a symbol). Since PHP classnames are not case-preserving, this must be a .capitalize()d representation. The value is expected to be the class itself; i.e. something you could call .new on.

If it’s not found in ‘classmap’, the current constant namespace is searched, and failing that, a new Struct(classname) is generated, with the arguments for .new specified in the same order PHP provided; since PHP uses hashes to represent attributes, this should be the same order they’re specified in PHP, but this is untested.

each serialized attribute is sent to the new object using the respective attribute=() method; you’ll get a NameError if the method doesn’t exist.

Array, Hash, Fixnum, Float, True/FalseClass, NilClass and String should be returned identically (i.e. foo == PHP.unserialize(PHP.serialize(foo)) for these types); Struct should be too, provided it’s in the namespace Module.const_get within unserialize() can see, or you gave it the same name in the Struct.new(<structname>), otherwise you should provide it in classmap.

Note: StringIO is required for unserialize(); it’s loaded as needed



180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
# File 'lib/php_serialize.rb', line 180

def PHP.unserialize(string, classmap = nil, assoc = false) # {{{
	if classmap == true or classmap == false
		assoc = classmap
		classmap = {}
	end
	classmap ||= {}

	require 'stringio'
	string = StringIO.new(string)
	def string.read_until(char)
		val = ''
		while (c = self.read(1)) != char
			val << c
		end
		val
	end

	if string.string =~ /^(\w+)\|/ # session_name|serialized_data
		ret = Hash.new
		loop do
			if string.string[string.pos, 32] =~ /^(\w+)\|/
				string.pos += $&.size
				ret[$1] = PHP.do_unserialize(string, classmap, assoc)
			else
				break
			end
		end
		ret
	else
		PHP.do_unserialize(string, classmap, assoc)
	end
end