PHP Classes
Icontem

Class: PHON


  Search   All class groups All class groups   Latest entries Latest entries   Top 10 charts Top 10 charts   Newsletter Newsletter   Blog Blog   Forums Forums   Help FAQ Help FAQ  
  Login   Register  
Recommend this page to a friend! ReTweet ReTweet Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us
  Classes of Martin Alterisio  >  PHON  >  Download  >  Support forum Support forum (1)  >  Blog Blog  >  RSS 1.0 feed RSS 2.0 feed Latest changes  
Name: PHON
Base name: phon
Description: Unserialize values exported with var_export
Version: 1.0.0
Required PHP version: 5.0
License: GNU Lesser General Public License (LGPL)
All time users: 162 users
All time rank: 4839
Week users: 1 user
Week rank: 3730

Author

Name: Martin Alterisio
Published packages: 5
Country: Argentina
Home page: http://mundogris.wordpress.com/
Age: 26
All time rank: 715
Week rank: 304

Innovation Award

PHP Programming Innovation award nominee
April 2008
Number 3
Serializing a variable value is a way to convert any type of variable into a single string that can be stored in a file, a database or sent to another application or another server, in a way that the original variable value can be easily restored.

One easy way to convert the value of any variable into a single human-readable string is to use the PHP var_export function. To unserialize a value serialized this way, PHP applications only need to use the eval function.

However, applications must be careful when using the eval function to unserialize values received from untrusted sources. The problem is that serialized values may contain arbitrary PHP code, executed when eval is called, that may allow security abuses.

This class provides a secure solution to unserialize values serialized with var_export. It uses the PHP tokenizer extension to evaluate the serialized value. This way any kind of disallowed type of expression is detected by the class.

Manuel Lemos

Groups

PHP 5: Classes using PHP 5 specific features
Data types: Modeling and manipulating data types
Security: Security protection and attack detection

Detailed description

This class can be used to securely unserialize values exported with the PHP var_export function.

var_export is a PHP function that can be used to export variable values as a text string.

The exported data can be used as an alternative to XML or JSON to pass complex data values between the same or different computers. Thus the name PHP Object Notation: PHON (pronounced like font but silencing the ending "t" sound).

This class can use the eval function to unserialize and restore the original values exported with var_export.

Alternatively, it can also parse the expression and unserialize it securely by disallowing non-constant expressions in the exported values that could be used to run dangerous arbitrary PHP code.
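
The parsing approach described above, as an added sketch that is not taken from the PHON package: it rebuilds scalars and nested arrays straight from tokenizer output and never calls eval. The names phon_decode and phon_value are hypothetical, and exported objects (`__set_state` calls) are rejected rather than supported.

```php
<?php
// Added example, not PHON's own code; phon_decode/phon_value are hypothetical names.
function phon_decode(string $src)
{
    $tok = [];
    foreach (token_get_all('<?php ' . $src) as $t) {
        $t = is_array($t) ? [$t[0], $t[1]] : [$t, $t]; // normalise to [id, text]
        if ($t[0] !== T_OPEN_TAG && $t[0] !== T_WHITESPACE) {
            $tok[] = $t;
        }
    }
    $i = 0;
    $value = phon_value($tok, $i);
    if ($i !== count($tok)) throw new UnexpectedValueException('trailing tokens');
    return $value;
}

function phon_value(array $tok, int &$i)
{
    [$id, $text] = $tok[$i++] ?? [null, 'end of input'];
    // var_export writes negatives as '-' followed by a number token.
    if ($id === '-' && in_array($tok[$i][0] ?? null, [T_LNUMBER, T_DNUMBER], true)) {
        return -phon_value($tok, $i);
    }
    if (($id === T_LNUMBER || $id === T_DNUMBER) && is_numeric($text)) return $text + 0;
    if ($id === T_CONSTANT_ENCAPSED_STRING && $text[0] === "'") { // single-quoted only
        return strtr(substr($text, 1, -1), ['\\\\' => '\\', "\\'" => "'"]);
    }
    $names = ['true' => true, 'false' => false, 'null' => null];
    if ($id === T_STRING && array_key_exists(strtolower($text), $names)) {
        return $names[strtolower($text)];
    }
    // '(' is accepted only directly after `array`, so no call syntax can be formed.
    if ($id === T_ARRAY && ($tok[$i++][0] ?? null) === '(') {
        $arr = [];
        while (($tok[$i][0] ?? null) !== ')') {
            $item = phon_value($tok, $i);
            if (($tok[$i][0] ?? null) === T_DOUBLE_ARROW) {
                $i++;
                if (!is_int($item) && !is_string($item)) throw new UnexpectedValueException('invalid key');
                $arr[$item] = phon_value($tok, $i);
            } else {
                $arr[] = $item;
            }
            if (($tok[$i][0] ?? null) === ',') $i++;
            elseif (($tok[$i][0] ?? null) !== ')') throw new UnexpectedValueException('expected , or )');
        }
        $i++;
        return $arr;
    }
    throw new UnexpectedValueException("disallowed token: $text");
}

// Constructed input: round trip of nested data through var_export().
var_dump(phon_decode(var_export(['id' => -7, 'tags' => ["it's", 1.5, null]], true)));
```

Any token outside this small grammar, such as the function name in `array('a' => strtoupper('x'))`, ends decoding with an UnexpectedValueException before anything is evaluated.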

User ratings

Not yet rated by the users

Applications that use this class

No application links were specified for this class.

Files

File                      Role     Description
phon/
  phon.lib.php            Aux.     Main include file for the PHON package.
  InvalidPHON.php         Class    File for the InvalidPHON Exception.
  PHONEvaluator.php       Class    File for the PHONEvaluator class
  PHONValidator.php       Class    File for the PHONValidator class
  SecurePHONClass.php     Class    The file for SecurePHONClass interface
consumer.php              Example  Consumer example
provider.php              Example  Provider example
Download all files: phon.tar.gz phon.zip

Copyright (c) Icontem 1999-2009 PHP Classes - PHP Class Scripts