
php – forcing access to __PHP_Incomplete_Class object properties

Posted by: admin April 23, 2020

Questions:

I’m writing a module for a php cms. In a function (a callback) I can access an object that comes from the framework code.

This object is of type __PHP_Incomplete_Class because the needed header file is not included before the session starts. I cannot include it without hacking the core cms code.

I wonder if it is possible to access the object properties anyway (casting to array does not work). I ask this because I can see the values with var_dump() but using $object->var I always get nulls.

How to&Answers:

This issue happens when you unserialize an object of a class that hasn’t been included yet.
For example, if you call session_start before including the class.

A PHPIncompleteClass object can’t be accessed directly, but it’s OK with foreach, serialize and gettype.
Calling is_object with a PHPIncompleteClass object will result in false.

So, if you find a ‘__PHP_Incomplete_Class’ object in your session and you’ve included your class after the session_load, you can use this function:

function fixObject (&$object)
{
  if (!is_object ($object) && gettype ($object) == 'object')
    return ($object = unserialize (serialize ($object)));
  return $object;
}

This will result in a usable object:

fixObject($_SESSION['member']);

Answer:

I found this hack which will let you cast an object:

function casttoclass($class, $object)
{
  return unserialize(preg_replace('/^O:\d+:"[^"]++"/', 'O:' . strlen($class) . ':"' . $class . '"', serialize($object)));
}

From http://blog.adaniels.nl/articles/a-dark-corner-of-php-class-casting/

So you can do:

$obj = casttoclass('stdClass', $incompleteObject);

and then access properties as normal.


You could also define an unserialize_callback_func in a .htaccess/Apache configuration file. That way you wouldn’t need to hack any PHP but you could include the file on demand.
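
An added example (not part of the original answer) of the unserialize_callback_func approach, set here with ini_set() instead of .htaccess. The callback receives the class name taken from the serialized data, so it looks the name up in a fixed map instead of building a file path from it. The function name load_session_class, the map and the temp-dir class file are assumptions made so the script runs stand-alone.

```php
<?php
// Constructed demo setup: write a sample class file to a temp directory.
$dir = sys_get_temp_dir() . '/session_classes_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents("$dir/Member.php", '<?php class Member { public $name; }');

// Allow-list (hypothetical): only these class names may trigger an include.
$GLOBALS['session_class_files'] = ['Member' => "$dir/Member.php"];

// Called by unserialize() when it meets a class that is not defined yet.
function load_session_class($class)
{
    $map = $GLOBALS['session_class_files'];
    if (isset($map[$class])) {
        require_once $map[$class];
    }
    // Names outside the map are never loaded; those objects stay
    // __PHP_Incomplete_Class and PHP raises a warning.
}

ini_set('unserialize_callback_func', 'load_session_class');

// Constructed serialized values: one listed class, one unlisted.
$known   = unserialize('O:6:"Member":1:{s:4:"name";s:3:"Ann";}');
$unknown = @unserialize('O:5:"Other":1:{s:4:"name";s:3:"Bob";}');

var_dump(get_class($known), get_class($unknown));
```

In a real module the ini_set() call has to run before session_start(), since that is where the session data is unserialized.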

Answer:

As an addition here is my version of the fix_object() function:
The main change is step 3 in the code: Make all properties public.

When PHP serializes an object, all private and protected properties are prefixed with two null-bytes! These null-bytes are the actual reason, why the property cannot be accessed via $obj->key because actually it is something like $obj->{NULL*NULL}key.

/**
 * Takes an __PHP_Incomplete_Class and casts it to a stdClass object.
 * All properties will be made public in this step.
 *
 * @since  1.1.0
 * @param  object $object __PHP_Incomplete_Class
 * @return object
 */
function fix_object( $object ) {
    // preg_replace_callback handler. Needed to calculate new key-length.
    // (create_function() was removed in PHP 8.0; a closure does the same job.)
    $fix_key = function ( $matches ) {
        return ':' . strlen( $matches[1] ) . ':"' . $matches[1] . '"';
    };

    // 1. Serialize the object to a string.
    $dump = serialize( $object );

    // 2. Change class-type to 'stdClass'.
    $dump = preg_replace( '/^O:\d+:"[^"]++"/', 'O:8:"stdClass"', $dump );

    // 3. Make private and protected properties public.
    $dump = preg_replace_callback( '/:\d+:"\0.*?\0([^"]+)"/', $fix_key, $dump );

    // 4. Unserialize the modified object again.
    return unserialize( $dump );
}

var_dump will not display these NULL byte prefixes to you, but you can see them with this code:

class Test {
    private $AAA = 1;
    protected $BBB = 2;
    public $CCC = 3;
}

$test = new Test();
echo json_encode( serialize( $test ) );

// Output:
// "O:4:\"Test\":3:{s:9:\"\u0000Test\u0000AAA\";i:1;s:6:\"\u0000*\u0000BBB\";i:2;s:3:\"CCC\";i:3;}"

$test2 = fix_object( $test );
echo json_encode( serialize( $test2 ) );

// Output:
// "O:8:\"stdClass\":3:{s:3:\"AAA\";i:1;s:3:\"BBB\";i:2;s:3:\"CCC\";i:3;}"

There you see:

  • The private property is prefixed with NULL + classname + NULL
  • The protected property is prefixed with NULL + "*" + NULL

Answer:

If you just need to access raw data (like class variables) from a PHP_Incomplete_Class object, you can use the foreach hack, or you can also do:

$result_array = (array)$_SESSION['incomplete_object_index'];
echo $result_array['desired_item'];
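
An added example (not from the original answers) that combines the (array) cast with the NULL-byte prefixes described earlier: it strips the prefixes from the array keys and records each property's visibility, without rewriting the serialized string by regex. The Member class and the incomplete_to_array() helper are constructed for illustration; the allowed_classes option of unserialize() requires PHP 7.0 or later.

```php
<?php
// Constructed sample class, used only to produce serialized data.
class Member
{
    private $id = 7;
    protected $role = 'admin';
    public $name = 'Ann';
}

/**
 * Flatten a __PHP_Incomplete_Class (or any object) into
 * [name => ['visibility' => ..., 'value' => ...]] without the NUL prefixes.
 */
function incomplete_to_array($object): array
{
    $out = [];
    foreach ((array) $object as $key => $value) {
        $key = (string) $key;
        if ($key === '__PHP_Incomplete_Class_Name') {
            continue; // bookkeeping entry holding the original class name
        }
        $visibility = 'public';
        if ($key !== '' && $key[0] === "\0") {
            // "\0*\0name" is protected, "\0ClassName\0name" is private.
            $end = strpos($key, "\0", 1);
            $visibility = substr($key, 1, $end - 1) === '*' ? 'protected' : 'private';
            $key = substr($key, $end + 1);
        }
        if (gettype($value) === 'object') {
            $value = incomplete_to_array($value); // flatten nested objects too
        }
        $out[$key] = ['visibility' => $visibility, 'value' => $value];
    }
    return $out;
}

// allowed_classes => false makes unserialize() return __PHP_Incomplete_Class
// for every object, so no class code (such as __wakeup) runs on stored data.
$payload    = serialize(new Member());
$incomplete = unserialize($payload, ['allowed_classes' => false]);

print_r(incomplete_to_array($incomplete));
```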

Answer:

I’ve read a lot of suggestions on how to fix incomplete class objects and I actually needed to fix those problems myself, in an ecommerce project.

One suggestion I’ve found is to simply use json_decode/json_encode to convert incomplete classes without preloading anything. However, I didn’t want to take the risk of using this, if there are older PHP versions that are dependent on, for example, PECL, as described at http://php.net/manual/en/function.json-encode.php – so I finally succeeded in making my own solution.

However, the code is a way to get the data out of the object properly, so it may not fit all needs – and it will primarily use the json solution first, if it is available in the environment, and fail over to manual handling if needed.

It also works recursively, which in my own case is required, to save the whole array.

/**
 * Convert an object to a data object (used for repairing __PHP_Incomplete_Class objects)
 * @param array $d
 * @return array|mixed|object
 */
function arrayObjectToStdClass($d = array())
{
    /**
     * If json_decode and json_encode exists as function, do it the simple way.
     * http://php.net/manual/en/function.json-encode.php
     */
    if (function_exists('json_decode') && function_exists('json_encode')) {
        return json_decode(json_encode($d));
    }
    $newArray = array();
    if (is_array($d) || is_object($d)) {
        foreach ($d as $itemKey => $itemValue) {
            if (is_array($itemValue)) {
                // Plain function, so recurse by name ($this is not available here).
                $newArray[$itemKey] = (array)arrayObjectToStdClass($itemValue);
            } elseif (is_object($itemValue)) {
                $newArray[$itemKey] = (object)(array)arrayObjectToStdClass($itemValue);
            } else {
                $newArray[$itemKey] = $itemValue;
            }
        }
    }
    return $newArray;
}

Answer:

Put the session_start() after your require to the class of the object you are trying to read from the SESSION

Answer:

None of the above answers actually worked for me, except this solution:

$object = unserialize(serialize($object));

$object->function();

Hope it helps someone