Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

php-serialized-data

Package Overview
Dependencies
Maintainers
1
Versions
8
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

php-serialized-data

Parse PHP serialized data with JavaScript.

  • 0.6.1
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
85
decreased by-21.3%
Maintainers
1
Weekly downloads
 
Created
Source

php-serialized-data

Parse PHP serialized data with JavaScript.

PHP's serialize function doesn't have a spec, so I used the handy Kaitai Struct spec as reference instead

yarn add php-serialized-data

Or use it directly in the browser:

import { parse } from 'https://cdn.pika.dev/php-serialized-data';

Usage Examples

import { parse } from 'php-serialized-data';

const data = parse( 'O:8:"stdClass":2:{s:3:"foo";s:3:"bar";s:16:"\u0000stdClass\u0000secret";s:3:"shh";}' );

/*
PHPObject(
  className: 'stdClass',
  value: Map( [
    [ PHPString( value: 'foo' ), PHPString( value: 'bar' ) ],
    [ PHPString( value: '\u0000stdClass\u0000secret' ), PHPString( value: 'shh' ) ],
  ] ),
)
*/

data.toJs();

/*
{ foo: 'bar' }
*/

data.toJs( { private: true } );

/*
{ foo: 'bar', secret: 'shh' }
*/

It even works with multi-byte data like emoji:

import { parse } from 'php-serialized-data';

const data = parse( 's:4:"🐊";' );

/*
PHPString( value: '🐊' )
*/

data.toJs();

/*
'🐊'
*/

Parsing options

The main parse() function takes two parameters, the input string, and an options object.

parse( input, options? )
OptionTypeDefaultDescription
fixNullsBooleanfalseAttempt to fix missing/broken null chars in input.
Useful when the input was pasted from the clipboard.

The fixNulls option attempts to fix the following scenarios:

  • Nulls have been replaced with the Unicode replacement character �. This can happen if the serialized string was output into a HTML page.
  • Nulls are missing. This usually happens if the value was copied to the clipboard. If the string byte count was larger than the content, then the following fixes are attempted, depending on the content of the string.
    • If the byte count is larger by 1, and the value starts with lambda_, then the string is probably a serialized lambda function.
    • If the byte count is larger by 2, and the value starts with an asterisk *, then the string is probably a protected property.
    • If the byte count is larger by 2, and the other scenarios do not apply, the string is probably a private class property.

JS Value Conversion

Use the .toJs() method on the output to convert to native JavaScript types.

value.toJs( options? )

The .toJs() method accepts an options object:

OptionTypeDefaultDescription
privateBooleanfalseInclude private & protected class properties
detectArraysBooleanfalseOutput arrays where possible, instead of objects

Supports PHP Types

  • Null
  • Integer
  • Float
    • Infinity
    • NaN
    • Scientific notation
  • String
    • Multi-byte (e.g. emoji)
  • Boolean
  • Array
  • Object
    • Classes
    • Custom Objects (contain arbitrary serialized data. e.g. SplDoublyLinkedList)
  • Reference
    • Value Reference
    • Object Reference
    • Circular Reference

TODO

  • Throw on trailing data
  • Option to ignore string lengths (should fix newline mismatches & trimmed whitespace)

FAQs

Package last updated on 26 Jun 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc