Class: PHON (export, secure)

Name:	PHON Support forum
Base name:	`phon`
Description:	Unserialize values exported with var_export
Search tags:	export, secure
Version:	`1.0.0`
Required PHP version:	`5.0`
License:	GNU Lesser General Public License (LGPL)
All time users:	134 users
All time rank:	4151
Week users:	3 users
Week rank:	2046

	Supplied by		Groups		Detailed description

	User ratings		Applications		Files

Supplied by:

Name:	Martin Alterisio `<e-mail contact>`
Published packages:	5
Country:	Argentina - PHP jobs in Argentina
Home page:	`http://mundogris.wordpress.com/`
Age:	25
All time rank:	792
Week rank:	258

Browse this author's classes

Innovation Award:

April 2008
Number 3

Serializing a variable value is a way to convert any type of variable into a single string that can be stored in a file, a database or sent to another application or another server, in a way that the original variable value can be easily restored.

One easy way convert the value of any variable into a single human-readable string is to use the PHP var_export function. To unserialize a value serialized this way, PHP applications only need to use the eval function.

However, applications must be careful when using the eval function to unserialize values received from untrusted sources. The problem is that serialized values may contain arbitrary PHP code that may allow security abuses that is executed when eval is called.

This class provides a secure solution to unserialized values serialized with var_export. It uses the PHP tokenizer extension to evaluate the serialized value. This way any kind of disallowed type of expression is detected by the class.

Manuel Lemos

Groups:

PHP 5	Classes using PHP 5 specific features	View top rated classes
Data types	Modeling and manipulating data types	View top rated classes
Security	Security protection and attack detection	View top rated classes

Detailed description:

This class can be used to securely unserialize values exported with PHP var_export function.

var_export is a PHP function that can be used to export variable values as text string.

The exported data can be used as an alternative to XML or JSON to pass complex data values between the same or different computers. Thus the name PHP Object Notation: PHON (pronounced like font but silencing the ending "t" sound).

This class can use the eval function to unserialize and restore the original values exported with var_export.

Alternatively, it can also parse the expression and unserialize it securely by disallowing non-constant expressions in the exported values that could be used to run dangerous arbitrary PHP code.

User ratings:

Not yet rated by the users
Applications that use this class:

No application links were specified for this class.

If you know an application of this package, send a message to the author to add a link here.

Files:

File	Role	Description
`phon`
`phon.lib.php`	Aux.	Main include file for the PHON package.
`InvalidPHON.php`	Class	File for the InvalidPHON Exception.
`PHONEvaluator.php`	Class	File for the PHONEvaluator class
`PHONValidator.php`	Class	File the for PHONValidator class
`SecurePHONClass.php`	Class	The file for SecurePHONClass interface
`consumer.php`	Example	Consumer example
`provider.php`	Example	Provider example

Download all files: phon.tar.gz phon.zip

NOTICE: if you are using a download manager program like 'GetRight', please Login before trying to download this archive.

Copyright (c) Icontem 1999-2008	PHP Classes	- PHP Class Scripts
	PHP Book Reviews	- Reviews of books and other products

Class: PHON

Supplied by:

Innovation Award:

Groups:

Detailed description:

User ratings:

Applications that use this class:

Files: