Skip to content

Duplicated properties in serialisation payload #22599

Description

@NickSdot

Description

Opening this as a reminder for the below.

@TimWolla: #22588 (comment)

It is legal for properties to appear twice in serialization payload?! This probably should be deprecated and killed.

class TestDefault {
    public readonly int $prop = 1;
}

var_dump($s = serialize(new TestDefault));
var_dump(unserialize($s));

// Unserialization still bypasses normal readonly assignment semantics.
var_dump(unserialize("O:11:\"TestDefault\":0:{}"));
var_dump(unserialize("O:11:\"TestDefault\":1:{s:4:\"prop\";i:2;}"));
var_dump(unserialize("O:11:\"TestDefault\":2:{s:4:\"prop\";i:2;s:4:\"prop\";i:3;}"));

string(38) "O:11:"TestDefault":1:{s:4:"prop";i:1;}"
object(TestDefault)#1 (1) {
  ["prop"]=>
  int(1)
}
object(TestDefault)#1 (1) {
  ["prop"]=>
  int(1)
}
object(TestDefault)#1 (1) {
  ["prop"]=>
  int(2)
}
object(TestDefault)#1 (1) {
  ["prop"]=>
  int(3)
}

PHP Version

N/A

Operating System

No response

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions