Background
For a brief background, I was working on a feature using a bunch of different classes. These classes could be manipulated by the end-user by changing around options, adding and removing items from lists, and so on. I thought it would be simple and convenient to just serialize these objects right into the database (I was working within a schema and was limited to using a single text blob, so one way or another I was going to be serializing data).

The problem
Originally, my classes used nothing but private members and accessors where needed. More recently, I wanted to change some of these private members to public, and when I did so my existing serialized objects broke! What I found was this:

When PHP attempts to unserialize() data containing private members into a class that contains public members of the same name, it produces an object that has both the private and public members of the same name.

So I ended up with an object who had two members, both with the same name, and $this->member was only returning the public member. The private member, which actually held information, was inaccessible. I looked for some magic __wakeup hackery to work around this but failed. Ultimately, since my code changes were now relying on public behavior, I used __get and __set to mimic it, along with a comment block explaining why I have all private members, and all exposed directly via __get and __set. Ugly, ugly stuff.

The lesson
Be careful what you do with serialized data, especially if you’re planning to keep it around for a while. You can modify the methods of your serialized class all you want, since methods are not serialized, but your data structure (the members) may become much trickier to update in the future.

I didn’t test this all fully, so I’m not sure what exactly is required to trigger this problem. For example, I know that replacing serialized public members with private members causes problems… what about the other direction? What about removing a public member from the class – would this cause the serialized public member to show up anyhow? I’m guessing it would.

It seemed like a simple problem with a simple solution, but since I didn’t find the simple solution as easily as I’d hoped, I thought I would echo it here.  In my case, I was able to perform traceroutes by adding these rules to my INPUT chain:

-A INPUT –proto icmp –icmp-type destination-unreachable -j ACCEPT
-A INPUT –proto icmp –icmp-type time-exceeded -j ACCEPT
-A INPUT–proto icmp –icmp-type echo-reply -j ACCEPT
-A INPUT–proto icmp –icmp-type echo-request -j ACCEPT

Note that, in my case, I ACCEPT all OUTPUT, so outbound conversation was never a problem, only inbound.  I’m fairly certain the rule that actually fixed my problem was the third, which allows echo-reply packets to come in.

<?php

function name($new = null) {
    static $name = 'Unknown';  // default value, if desired.
    if ($new !== null) {
        $name = $new;
    }
    return $name;
}

?>

I think it’s pretty self explanatory. The static keyword is important, as it tells PHP to perserve that variable’s value within that function’s scope between function calls.

With a little imagination, you have a more generic function that can be used as an application-wide register in which you can store any data by key. Throw this at the start of your application (rename the function if necessary) for a poor man’s namespace solution:

1. You could add a $namespace argument to the function.
2. Or you could have separate copies of this function, each named after its spiritual namespace. For example, widget() would be for my “widget” namespace, and foobar() would be for my “foobar” namespace.

<?php

function get($key, $new = null)
{
    static $data = array();
    if ($new !== null) {
        return $data[$key] = $new;
    }
    return array_key_exists($key, $data) ? $data[$key] : null;
}

?>

PHP lets you implement variable argument functions using functions like func_get_args, and func_num_args.  However, when you want to get references involved, things get a little bit tricky.  Variable length argument lists as references can be a useful thing, such as if you’re implementing some kind of filtering layer.  Below I discuss some patterns for making this work, with pros and cons for each.

Warning: I don’t know how or if the below code will be interpreted by PHP 5.3.  The information below is accurate as of 5.1.6.

Other warning: The examples below use some practices that would be considered bad practice.  This is because some of the things you can do in PHP are risky if done wrong, and easy to do wrong.  My perspective on these practices is always the same: if you know why its risky, and you come up with a way for it to be zero risk and useful, then use it.  Best practices are best interpreted as a theoretical guide, not a cardinal rule.  Plus, I’m a rebel.

Arbitrary Default Arguments

Hack alert.  This method is definitely a hack, but at the same time it is inexpensive (from a design and CPU standpoint) and has some advantaged.

<?php

// This function will receive arguments by reference and modify them.
function receive_variable_references(&$a1 = null, &$a2 = null, &$a3 = null, &$a4 = null,
&$a5 = null, &$a6 = null, &$a7 = null, &$a8 = null, &$a9 = null, &$a10 = null) {

// This will tell you how many arguments this function was invoked with.
$num_args = func_num_args();

// Make your changes to $a1 through $a10.
$a1 = “changed”;
}

$my_arg = ‘foobar’;
receive_variable_references($my_arg);
echo “$my_arg\n”;  // This will output “changed”

?>

Discussion

Pros

• Easy to call with an argument list of variables (but not literals).

Cons

• Fatal error if you call this function with literal data, such as the number 1 or a literal array.
• Limited to a certain number of referenced arguments (ten in the example above).

PHP’s methods for fetching arguments arbitrarily (name, func_get_args) will always return a copy.  End of story.  Thus, if you want references, you need to make them yourself.  By defining 10 arbitrarily named arguments, all as references, and all defaulted to null, we can get references to any of the first 10 arguments passed into the function.  If the caller omits some of them, or all of them, they will gracefully default to null.

The method above is, well, a hack.  But it’s well-contained in one spot, and does its job well for a very limited set of situations.  If you know you will be invoking this function with only variables (not literals), and will never need more than a certain number, the above solution is actually more elegant than it looks.  Hide the ugly inside the function, and the calling funcions never need to know about it.

If you need to know how many arguments the caller provided, you can still use func_num_args, which will return how many arguments the function was invoked with, not how many it received.  In other words, func_num_args tells you how many arguments the caller provided, regardless of how many defaults you have listed in your arguments list.

Arrays of references

You can eliminate the cons (and, incidentally, the pro) above by moving the referencing into the caller.  “But wait,” you say, “you can’t pass arguments by reference, you can only receive arguments by references.”  Well, I pity your naivete and in my graciousness shall open your mind.

<?php

function receive_variable_references($refs = array()) {
$refs[0] = ‘Bubba’;
$refs[1] = ‘green-cheeked conure’;
$refs[2] = ‘evil, with a little blue’;
}

$name = “Jimmy”;
$type = “brown-headed parrot”;
$color = “more or less green”;
receive_variable_references(array(&$name, &$type, &$color));

echo “Name: $name\nType: $type\nColor: $color\n”;

?>

Discussion

Pros

• Unlimited references.
• Function is not receiving references directly, and thus can accept literals as well.

Cons

• More convoluted calling mechanism (passing arrays of references instead of direct values).

If your function doesn’t receive its arguments by reference (as in this example), it receives copies instead.  We’re taking advantage of the fact that a copy of a reference to $a is still a reference to $a, just another copy of it.  Practically speaking, they’re identical.  In this case we’re creating an array of references (you can do that, because array(…) is a language construct, not a function) and passing that in.  On the function side, a copy of this array is what is actually received, but these copied references still point where we want them to.  This is where I show you a colorful graphic demonstrating the references and copies, and it’s very enlightening.

The con here is only questionably a con.  You could say that this method puts the burden of passing references on the caller, or you could say it gives the control of passing references to the caller.

If you are astute, you may have considered that compact would go well with this method; it doesn’t.  compact will not return references, only copies, thus undermining the pattern we’re using.

Calling variable length functions

<?php

function receive_variable_references(&$a1 = null, &$a2 = null, &$a3 = null, &$a4 = null,
&$a5 = null, &$a6 = null, &$a7 = null, &$a8 = null, &$a9 = null, &$a10 = null) {

// This will tell you how many arguments this function was invoked with.
$num_args = func_num_args();

// Make your changes to $a1 through $a10.
$a1 = “changed”;
}

$arg = ‘original’;
call_user_func_array(’receive_variable_references’, array(&$arg));
echo “$arg\n”;

?>

Discussion

We’ve gone back to our first example and shown how to call it with a variable list of arguments.  By providing an array of references to call_user_func_array, we ensure that the invoked function is receiving references, not copies.  If you try replacing the above with call_user_func and passing in literal references (instead of a literal array of references), you will get an warning about passing by reference, which is deprecated (and thus we don’t want to do it).

Example

This example mixes and matches some of the tips above to demonstrate a pattern you can use for functions that have access to their caller’s scope.  Obviously, this can be dangerous, so make sure you understand the security implications of what this does.  If you’re wondering, “What security implications?” then don’t use this.  If you’re thinking, “Oh yeah, those security implications, I’ll keep those in mind,” then you still probably shouldn’t use this.  In fact, I’m not sure why I’m demonstrating such a terrible idea.  Enjoy.

<?php

function some_filter($scope) {
$scope['line1'] = ‘All your’;
$scope['line2'] = ‘Base are’;
$scope['line3'] = ‘Belong to’;
$scope['line4'] = ‘An Internet meme from 2000.  Seriously.  Let it die.’;
}

$line1 = ‘Mary had a little lamb’;
$line2 = ‘Whose fleece was white as snow’;
$line3 = ‘Jack and Jill went up the hill’;
$line4 = ‘And god only knows what they did up there.  I\’m just saying, they were gone for an awfully long time.’;

$args = get_defined_vars();
$refs = array();
unset($args['GLOBALS'], $args['_FILES'], $args['_SERVER'], $args['_COOKIE'], $args['_GET'], $args['_POST'], $args['argc'], $args['argv']);
foreach ($args as $ident => $val) {
$refs[$ident] = &$$ident;
}
some_filter($refs);

echo <<<END
$line1
$line2
$line3
$line4

END;

?>

Discussion

We pull a list of variables in the current scope with get_defined_vars, and then prune out the ones we’re not likely to want.  At the very least, there is no point in including superglobals like $_GET and $_POST, since they will already be available in the invoked function.

We build up an array of references to these, each mapped to a key of the same name.  &$$ident will give us a reference to a variable whose name is the string value of $ident.  We have control over $ident the entire time we’re using it in this way so as to avoid the potential for an attacker to modify this behavior.

When some_filter is called with our array of references, we effectively has passed the current scope into some_filter.

This pattern is exceptionally useful for a plugin-based architecture. If you want to give plugins full control to modify your current behavior (likely enough control to break things), this is a brute-force but fully flexible means of doing so.

Using built-in constants has a few advantages, namely portability and less likelihood for errors.

Highlights

PHP_EOL: This is a newline character.  For example, echo $some_variable . PHP_EOL.
DATE_W3C: This is one of a few DATE_* constants, which are format strings suitable for in the date() function.  This one, in particular, plays well with MySQL.  If you have a hard time remembering the right format for getting a date into MySQL, or just don’t want to, use this.  For example, mysql_query(sprintf('INSERT INTO `my_table` (`date_col`) VALUES "%s"', date(DATE_W3C))).

The whole list

If you want to see all of the constants PHP defines out the door, just put this simple script into a file and run it from the command line.  I don’t recommend exposing it via a public website since it will expose information best left private.


$v) {
printf("%30s: %s\n", $n, $v);
}

?>


Bookmark the following URL:

chrome://browser/content/preferences/cookies.xul

Short-ish Answer

FireFox stores alol of its UI elements in files called XUL files.  chrome:// URLs point to these various XUL files on your hard drive.  They live inside JAR files (Java ARchives), which are essentially zip files.  Chrome URLs beginning with chrome://browser will point specifically to a file called browser.jar, which lives in your Firefox installation directory.  On Windows 7, in my case, this was at C:\Program Files (x86)\Mozilla Firefox\chrome\browser.jar.

From there, the rest of the URL is pointing within the JAR file.  In this case, we’re looking at content/browser/preferences/cookies.xul, which is within browser.jar.

It’s that simple. When you point FireFox to a chrome URL, assuming it exists, it will be displayed. To see a useless but funny example of this, try this URL:

chrome://browser/content/browser.xul

<?php

function report($directory, $prefix = '') { printf('%sDoes %s exist?  PHP says "%s"'. PHP_EOL, $prefix, $directory, is_dir($directory) ? 'yes' : 'no'); }
$target = './delete-me-before-running-statcache';

if (is_dir($target)) {
    die("Delete $target before running.\n");
}

echo "Creating $target.\n";
mkdir($target) || die("Unable to create $target.\n");
report($target); // is_dir($target) is now cached as true

echo "Unlinking $target.\n";
rmdir($target) || die("Unable to unlink $target.\n");

// This will say "yes", which is old (inaccurate) information.
report($target);

if (($pid = pcntl_fork()) === -1) { die("Failed to pcntl_fork.\n"); }
elseif ($pid === 0) {
    // child
    report($target, '<> ');
    echo "<> Clearing stat cache.\n";
    clearstatcache();
    report($target, '<> ');
} else {
    // parent
    sleep(2); // move this to the child block to reverse the test.
    report($target, '<<> ');
    clearstatcache();
    report($target, '<<> ');
}

?>

Output:

Creating ./delete-me-before-running-statcache.
Does ./delete-me-before-running-statcache exist?  PHP says "yes"
Unlinking ./delete-me-before-running-statcache.
Does ./delete-me-before-running-statcache exist?  PHP says "yes"
<> Does ./delete-me-before-running-statcache exist?  PHP says "yes"
<> Clearing stat cache.
<> Does ./delete-me-before-running-statcache exist?  PHP says "no"
<<> Does ./delete-me-before-running-statcache exist?  PHP says "yes"
<<> Does ./delete-me-before-running-statcache exist?  PHP says "no"