Class: PHON

Recommend this page to a friend!

Stumble It!

Bookmark in del.icio.us

Classes of Martin Alterisio

PHON

Download .tar.gz .zip

Support forum (1)

Blog

Latest changes

Name:	PHON Support forum
Base name:	`phon`
Description:	Unserialize values exported with var_export
Related classes:	export, eval, export database, unserialize, export xml, xml export, xml security, export data
Version:	`1.0.0`
PHP version:	`5.0`
License:	GNU Lesser General Public License (LGPL)
All time users:	208 users
All time rank:	6041
Week users:	1 user
Week rank:	2503

Author:	Martin Alterisio `<e-mail contact>`
Packages:	5 Browse this author's classes
Country:	Argentina - PHP jobs in Argentina
Age:	28
All time rank:	694	8 in Argentina
Week rank:	480	3 in Argentina

Innovation award

Nominee: 5x

	Detailed description

This class can be used to securely unserialize values exported with PHP var_export function.

var_export is a PHP function that can be used to export variable values as text string.

The exported data can be used as an alternative to XML or JSON to pass complex data values between the same or different computers. Thus the name PHP Object Notation: PHON (pronounced like font but silencing the ending "t" sound).

This class can use the eval function to unserialize and restore the original values exported with var_export.

Alternatively, it can also parse the expression and unserialize it securely by disallowing non-constant expressions in the exported values that could be used to run dangerous arbitrary PHP code.

	Groups

PHP 5	Classes using PHP 5 specific features	View top rated classes
Data types	Modeling and manipulating data types	View top rated classes
Security	Security protection and attack detection	View top rated classes

	User ratings		Trackback		Applications		Files

	Innovation Award

PHP Programming Innovation award nominee

April 2008
Number 3

Serializing a variable value is a way to convert any type of variable into a single string that can be stored in a file, a database or sent to another application or another server, in a way that the original variable value can be easily restored.

One easy way convert the value of any variable into a single human-readable string is to use the PHP var_export function. To unserialize a value serialized this way, PHP applications only need to use the eval function.

However, applications must be careful when using the eval function to unserialize values received from untrusted sources. The problem is that serialized values may contain arbitrary PHP code that may allow security abuses that is executed when eval is called.

This class provides a secure solution to unserialized values serialized with var_export. It uses the PHP tokenizer extension to evaluate the serialized value. This way any kind of disallowed type of expression is detected by the class.

Manuel Lemos

	User ratings

Not yet rated by the users

	Trackback links

Link	Description
PHON: la misma idea que JSON pero para PHP	Me valió un tercer puesto en los innovation awards de phpclasses...

Latest blog trackback links

	Applications that use this class

No application links were specified for this class.

If you know an application of this package, send a message to the author to add a link here.

	Files

File	Role	Description
`phon` (5 files)
`consumer.php`	Example	Consumer example
`provider.php`	Example	Provider example

	Files	/	phon

File	Role	Description
`phon.lib.php`	Aux.	Main include file for the PHON package.
`InvalidPHON.php`	Class	File for the InvalidPHON Exception.
`PHONEvaluator.php`	Class	File for the PHONEvaluator class
`PHONValidator.php`	Class	File the for PHONValidator class
`SecurePHONClass.php`	Class	The file for SecurePHONClass interface

Download all files: phon.tar.gz phon.zip
NOTICE: if you are using a download manager program like 'GetRight', please Login before trying to download this archive.

Copyright (c) Icontem 1999-2012	PHP Classes	- PHP Class Scripts
	PHP Book Reviews	- Reviews of books and other products