PHP Developer's Network : Network Member Forums

Class: PHON



  • Supplied by:

  • Name: Martin Alterisio
    Published packages: 5
    Country: Argentina
    Home page: http://mundogris.wordpress.com/

  • Innovation Award:

  • PHP Programming Innovation award nominee
    April 2008
    Number 3
    Serializing a variable value is a way to convert any type of variable into a single string that can be stored in a file, a database or sent to another application or another server, in a way that the original variable value can be easily restored.

    One easy way to convert the value of any variable into a single human-readable string is to use the PHP var_export function. To unserialize a value serialized this way, PHP applications only need to use the eval function.

    However, applications must be careful when using the eval function to unserialize values received from untrusted sources. The problem is that serialized values may contain arbitrary PHP code, executed when eval is called, that may allow security abuses.

    This class provides a secure solution to unserialize values serialized with var_export. It uses the PHP tokenizer extension to evaluate the serialized value. This way any kind of disallowed type of expression is detected by the class.

    Manuel Lemos
  • Groups:

  • Classes using PHP 5 specific features
  • Modeling and manipulating data types
  • Security protection and attack detection
  • Detailed description:

  • This class can be used to securely unserialize values exported with the PHP var_export function.

    var_export is a PHP function that can be used to export variable values as a text string.

    The exported data can be used as an alternative to XML or JSON to pass complex data values between the same or different computers. Thus the name PHP Object Notation: PHON (pronounced like font but silencing the ending "t" sound).

    This class can use the eval function to unserialize and restore the original values exported with var_export.

    Alternatively, it can also parse the expression and unserialize it securely by disallowing non-constant expressions in the exported values that could be used to run dangerous arbitrary PHP code.
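
A minimal sketch of the tokenizer-based approach described above, added here as an illustration and not taken from the PHON package: it parses var_export output with token_get_all and builds the value directly, so eval is never called. It checks grammar as well as token types, because in PHP 7 and later a string literal followed by parentheses is a function call, so an allowlist of "harmless" tokens followed by eval is not enough. Assumptions: PHP 7.4+, the tokenizer extension, and support for scalars and arrays only (object exports are rejected); the class and method names are hypothetical.

```php
<?php
// Added illustration, not the PHON package's code; all names here are hypothetical.
final class ConstExprParser {
    private array $tok = [];
    private int $i = 0;
    public static function decode(string $src) {
        $p = new self();
        // Normalise every token to [id, text]; drop only the synthetic open tag and whitespace.
        $all = array_map(fn($t) => is_array($t) ? [$t[0], $t[1]] : [$t, $t], token_get_all('<?php ' . $src));
        $p->tok = array_values(array_filter($all, fn($t) => $t[0] !== T_OPEN_TAG && $t[0] !== T_WHITESPACE));
        $value = $p->value();
        if ($p->i !== count($p->tok)) throw new UnexpectedValueException('trailing tokens');
        return $value;
    }
    private function peek() { return $this->tok[$this->i][0] ?? 0; }             // 0 marks end of input
    private function next(): array { return $this->tok[$this->i++] ?? [0, '']; }
    private function value() {
        [$id, $text] = $this->next();
        if ($neg = ($id === '-')) [$id, $text] = $this->next();
        if ($id === T_LNUMBER && preg_match('/^(0|[1-9]\d*)$/', $text)) return $neg ? -(int)$text : (int)$text;
        if ($id === T_DNUMBER && is_numeric($text)) return $neg ? -(float)$text : (float)$text;
        if ($neg) throw new UnexpectedValueException("'-' is only allowed before a number");
        if ($id === T_CONSTANT_ENCAPSED_STRING && $text[0] === "'")   // single-quoted literals only
            return strtr(substr($text, 1, -1), ['\\\\' => '\\', "\\'" => "'"]);
        $consts = ['true' => true, 'false' => false, 'null' => null];
        if ($id === T_STRING && array_key_exists($w = strtolower($text), $consts)) return $consts[$w];
        if ($id === T_ARRAY && $this->next()[0] === '(') return $this->items();
        throw new UnexpectedValueException('disallowed token: ' . (is_int($id) ? token_name($id) : $id));
    }
    private function items(): array {
        for ($out = []; $this->peek() !== ')'; ) {
            $item = $this->value();
            if ($this->peek() === T_DOUBLE_ARROW) {
                $this->i++;
                if (!is_int($item) && !is_string($item)) throw new UnexpectedValueException('bad array key');
                $out[$item] = $this->value();
            } else { $out[] = $item; }
            if ($this->peek() === ',') $this->i++;
            elseif ($this->peek() !== ')') throw new UnexpectedValueException("expected ',' or ')'");
        }
        $this->i++;
        return $out;
    }
}
// Constructed samples: real var_export() output, then an expression that is not a constant.
foreach ([var_export(['id' => 7, 'tags' => ['a', "it's"], 'ratio' => -0.5, 'ok' => true], true),
          "'strtoupper'('x')"] as $src) {
    try { var_dump(ConstExprParser::decode($src)); }
    catch (UnexpectedValueException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
}
```
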
  • Applications that use this class:

  • No application links were specified for this class.
  • Files:

  • File                        Role      Description
    phon/phon.lib.php           Aux.      Main include file for the PHON package.
    phon/InvalidPHON.php        Class     File for the InvalidPHON Exception.
    phon/PHONEvaluator.php      Class     File for the PHONEvaluator class
    phon/PHONValidator.php      Class     File for the PHONValidator class
    phon/SecurePHONClass.php    Class     The file for SecurePHONClass interface
    consumer.php                Example   Consumer example
    provider.php                Example   Provider example
    Download all files: phon.tar.gz phon.zip
Copyright (c) Icontem 1999-2008 PHP Classes - PHP Class Scripts