diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 32d659e7..e0a0a1c1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,6 +23,7 @@ jobs:
 - "8.0"
 - "8.1"
 - "8.2"
+ - "8.3"
 dependencies:
 - "highest"
 include:
diff --git a/README.md b/README.md
index 09f30f6d..317d158a 100644
--- a/README.md
+++ b/README.md
@@ -101,7 +101,7 @@ composer require cboden/ratchet:^0.4.4
 See also the [CHANGELOG](CHANGELOG.md) for details about version upgrades. This project aims to run on any platform and thus does not require any PHP
-extensions and supports running on legacy PHP 5.4 through PHP 8.2+ with limited support for newer PHP.
+extensions and supports running on legacy PHP 5.4 through PHP 8.3+ with limited support for newer PHP.
 It's *highly recommended to use the latest supported PHP version* for this project. See above note about [Reviving Ratchet](#reviving-ratchet) for newer PHP support.
diff --git a/src/Ratchet/Session/Serialize/PhpBinaryHandler.php b/src/Ratchet/Session/Serialize/PhpBinaryHandler.php
index ba80551b..0825c77e 100644
--- a/src/Ratchet/Session/Serialize/PhpBinaryHandler.php
+++ b/src/Ratchet/Session/Serialize/PhpBinaryHandler.php
@@ -22,7 +22,10 @@ public function unserialize($raw) {
 $offset += 1;
 $varname = substr($raw, $offset, $num);
 $offset += $num;
- $data = unserialize(substr($raw, $offset));
+
+ // try to unserialize one piece of data from current offset, ignoring any warnings for trailing data on PHP 8.3+
+ // @link https://wiki.php.net/rfc/unserialize_warn_on_trailing_data
+ $data = @unserialize(substr($raw, $offset));
 $returnData[$varname] = $data;
 $offset += strlen(serialize($data));
diff --git a/src/Ratchet/Session/Serialize/PhpHandler.php b/src/Ratchet/Session/Serialize/PhpHandler.php
index b1df356d..e6847182 100644
--- a/src/Ratchet/Session/Serialize/PhpHandler.php
+++ b/src/Ratchet/Session/Serialize/PhpHandler.php
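Review bot: The `@` on `$data = @unserialize(substr($raw, $offset));` silences every diagnostic from the call, not only the PHP 8.3 trailing-data warning, so a corrupt or truncated session payload now fails without a trace. In that case `unserialize()` returns `false`, the value is stored in `$returnData[$varname]`, and `$offset += strlen(serialize($data))` advances by the length of `b:0;`, leaving the parser to carry on misaligned. I would check the result right after the call, for example `if (false === $data && 'b:0;' !== substr($raw, $offset, 4)) { throw new \UnexpectedValueException('Malformed session data'); }`, or route it to whatever failure path the callers expect, which is not visible here. The same line is added in the PhpHandler.php hunk and needs the same guard; both `unserialize($raw)` bodies start and end outside the hunks shown. Since this is native `unserialize()`, which can instantiate classes, the comment above the call should also state that the session store contents are assumed to be trusted.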
@@ -38,7 +38,10 @@ public function unserialize($raw) {
 $num = $pos - $offset;
 $varname = substr($raw, $offset, $num);
 $offset += $num + 1;
- $data = unserialize(substr($raw, $offset));
+
+ // try to unserialize one piece of data from current offset, ignoring any warnings for trailing data on PHP 8.3+
+ // @link https://wiki.php.net/rfc/unserialize_warn_on_trailing_data
+ $data = @unserialize(substr($raw, $offset));
 $returnData[$varname] = $data;
 $offset += strlen(serialize($data));
diff --git a/tests/unit/Session/Serialize/PhpBinaryHandlerTest.php b/tests/unit/Session/Serialize/PhpBinaryHandlerTest.php
new file mode 100644
index 00000000..f6068bba
--- /dev/null
+++ b/tests/unit/Session/Serialize/PhpBinaryHandlerTest.php
@@ -0,0 +1,40 @@
+_handler = new PhpBinaryHandler;
+ }
+
+ public function serializedProvider() {
+ return array(
+ array(
+ "\x0f" . '_sf2_attributes' . 'a:2:{s:5:"hello";s:5:"world";s:4:"last";i:1332872102;}' . "\x0c" . '_sf2_flashes' . 'a:0:{}'
+ , array(
+ '_sf2_attributes' => array(
+ 'hello' => 'world'
+ , 'last' => 1332872102
+ )
+ , '_sf2_flashes' => array()
+ )
+ )
+ );
+ }
+
+ /**
+ * @dataProvider serializedProvider
+ */
+ public function testUnserialize($in, $expected) {
+ $this->assertEquals($expected, $this->_handler->unserialize($in));
+ }
+}
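Review bot: `serializedProvider` holds a single well-formed payload, so the newly `@`-suppressed call in `PhpBinaryHandler::unserialize()` is never exercised with input that fails to decode. A second dataset with a truncated value (constructed example: `"\x01" . 'a' . 's:5:"hel'`) would pin what the handler returns or throws for corrupt session data, which matters now that the warning is no longer visible. The opening lines of this new file are missing from the page, so the class header and `setUp()` could not be reviewed.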