phpunserialize

Convert serialized PHP data to a javascript object graph

latest
Source
npmnpm
Version
1.3.0
Version published
Weekly downloads
22K
25.45%
Maintainers
1
Weekly downloads
 
Created
Source

npm version

phpUnserialize

Convert serialized PHP data to a javascript object graph.

Why?

OMG why would anyone do something this perverse? PHP has a json_encode() method so you don't have to try and cobble together ugly hacks like this.

It all started so innocently. The guy at the desk next to mine asked "hey is there a javascript library that can turn this php serialize mess into something that I can read?" I gaped. He explained that he was trying to slap together a js testing harness for a set of REST services that returned serialized PHP as their transport representation.

A google search turned up something so I went back to listening to the latest OMM album. Fifteen minutes later the stream of curses coming from Gallilama started harshing my groove. It turns out that the venerable phpjs function only handles a particular subset of PHP's serialize output. Specifically it doesn't handle references and objects at all. Google found a java implementation that looked more complete. I did a quick port of it to javascript and moved on to my $wingin' Utter$ playlist.

The next day I checked in and found out that strange things were afoot with my port. It turns out that private and protected members serialize in an "interesting" way. PHP prepends the member name with either the class name (private) or an asterisk (protected) surrounded by null bytes (\u0000). The hack parser was going into an infinite loop when it tried to extract these values.

By this point I was fully committed. Nothing less than a TDD validated library that could handle just about any craziness I threw at it would do. I'm sure there are still gaps, but this "quick hack" is working for our twisted needs.

Implementation Details

PHP's serialization format is not well documented, but this function takes a best guess approach to parsing and interpreting it. Serialized integers, floats, booleans, strings, arrays, objects and references are currently supported.

PHP's array type is a hybrid of javascript's array and object types. phpUnserialize translates PHP arrays having only 0-based consecutive numeric keys into javascript arrays. All other arrays are translated into javascript objects.

Serialized members of a PHP object carry scope information via name mangling. phpUnserialize strips this scope signifier prefix from private and protected members.
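To make the three rules above concrete, here is a compact parser written for this page as an added illustration; it is not the phpunserialize package's own source, and it assumes Node (it uses `Buffer` so that PHP's byte-length string prefixes are honoured). It covers the same token set the README lists (`N`, `b`, `i`, `d`, `s`, `a`, `O`, and the `r:`/`R:` back-references), turns 0-based consecutive arrays into JS arrays and everything else into JS objects, and strips the `\0Class\0` / `\0*\0` scope prefix from member names. The class name in `O:` tokens is read and discarded, and the `SAMPLE` string is constructed by hand for the demonstration.

```javascript
// Added example, not the phpunserialize package's own source: a compact
// parser for PHP's serialize() output that follows the README's rules.
// Supported tokens: N; b: i: d: s: a: O: and the r:/R: back-references.
function phpUnserialize(input) {
  // PHP string lengths count bytes, not characters, so parse over a byte buffer.
  const buf = Buffer.from(input, 'utf8');
  let pos = 0;
  // Every value except an 'R:' reference occupies a 1-based slot that a later
  // 'r:'/'R:' token can point back to (array/object keys never occupy slots).
  const slots = [];

  function expect(ch) {
    if (buf[pos] !== ch.charCodeAt(0)) throw new Error(`expected '${ch}' at byte ${pos}`);
    pos++;
  }

  // Read ASCII text up to `stop`, consuming the stop character.
  function readUntil(stop) {
    const end = buf.indexOf(stop, pos, 'latin1');
    if (end < 0) throw new Error(`unterminated token at byte ${pos}`);
    const text = buf.toString('latin1', pos, end);
    pos = end + 1;
    return text;
  }

  // <bytes>:"<raw bytes>"  -- the declared length is authoritative; an embedded
  // '"' or NUL byte must not be allowed to end the string early.
  function readString() {
    const len = parseInt(readUntil(':'), 10);
    expect('"');
    if (!(len >= 0) || pos + len > buf.length) throw new Error('string length exceeds input');
    const text = buf.toString('utf8', pos, pos + len);
    pos += len;
    expect('"');
    return text;
  }

  // "\0Class\0prop" (private) and "\0*\0prop" (protected) both become "prop".
  function demangle(name) {
    if (name.charCodeAt(0) !== 0) return name;
    const end = name.indexOf('\u0000', 1);
    return end < 0 ? name : name.slice(end + 1);
  }

  // Arrays with 0-based consecutive integer keys become JS arrays; anything
  // else (and every PHP object) becomes a plain JS object.
  function build(pairs, isObject) {
    if (!isObject && pairs.every(([k], i) => k === i)) return pairs.map(([, v]) => v);
    const out = {};
    for (const [k, v] of pairs) {
      // defineProperty so a key such as "__proto__" in untrusted input becomes
      // an ordinary own property instead of rewriting the object's prototype.
      Object.defineProperty(out, k, { value: v, enumerable: true, writable: true, configurable: true });
    }
    return out;
  }

  // <count>:{ key value key value ... }
  function readContainer(isObject) {
    const count = parseInt(readUntil(':'), 10);
    expect('{');
    const pairs = [];
    for (let i = 0; i < count; i++) {
      const key = parseValue(true);
      if (typeof key !== 'string' && typeof key !== 'number') throw new Error('key must be int or string');
      pairs.push([isObject ? demangle(String(key)) : key, parseValue(false)]);
    }
    expect('}');
    return build(pairs, isObject);
  }

  function parseValue(isKey) {
    const type = String.fromCharCode(buf[pos++]);
    const takesSlot = type !== 'R' && !isKey;
    if (takesSlot) slots.push(undefined); // filled in once the value is complete
    const slot = slots.length - 1;
    const done = (v) => { if (takesSlot) slots[slot] = v; return v; };
    if (type === 'N') { expect(';'); return done(null); }
    expect(':');
    switch (type) {
      case 'b': return done(readUntil(';') === '1');
      case 'i': return done(parseInt(readUntil(';'), 10));
      case 'd': return done(parseFloat(readUntil(';')));
      case 's': { const s = readString(); expect(';'); return done(s); }
      case 'a': return done(readContainer(false));
      case 'O': { readString(); expect(':'); return done(readContainer(true)); } // class name dropped
      case 'r':
      case 'R': {
        const idx = parseInt(readUntil(';'), 10) - 1;
        if (!(idx >= 0 && idx < slots.length)) throw new Error(`reference to unknown slot ${idx + 1}`);
        return done(slots[idx]); // a reference into a container still being parsed yields undefined
      }
      default: throw new Error(`unknown type '${type}' at byte ${pos - 1}`);
    }
  }

  const value = parseValue(false);
  if (pos !== buf.length) throw new Error(`trailing data at byte ${pos}`); // stricter than PHP
  return value;
}

// Constructed sample: an array holding strings (one multi-byte, hence s:6 for
// five characters), a list, an object with public/protected/private members,
// and the same object a second time (r:7 points at slot 7, the object).
const SAMPLE =
  'a:5:{s:4:"name";s:9:"Gallilama";s:5:"greet";s:6:"h\u00e9llo";' +
  's:4:"tags";a:2:{i:0;s:1:"a";i:1;s:1:"b";}' +
  's:3:"obj";O:3:"Foo":3:{s:3:"pub";s:1:"x";s:7:"\u0000*\u0000prot";i:2;' +
  's:9:"\u0000Foo\u0000priv";a:2:{i:0;i:1;i:1;i:2;}}' +
  's:4:"same";r:7;}';
```

Running `phpUnserialize(SAMPLE)` yields `{ name, greet, tags: ['a', 'b'], obj: { pub, prot, priv: [1, 2] }, same }` with `same` being the very same object as `obj`, because `r:` resolves to the earlier slot rather than copying it. Two details are worth keeping in a parser like this even when the input is trusted: the declared byte length, not the closing quote, decides where a string ends (which is exactly why the null-byte member names that broke the author's first port are harmless here), and a member named `__proto__` must land as an ordinary own property, which `Object.defineProperty` guarantees and plain assignment does not.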

Check out the tests for more details or read the source.

Usage

The phpUnserialize.js file implements the Universal Module Definition pattern which attempts to be compatible with multiple script loaders including AMD, CommonJS and direct usage in an HTML file.

Plain HTML:

<script src="phpUnserialize.js"></script>
<script>
  var foo = phpUnserialize('s:3:"foo";');
</script>

With an AMD loader:

define(["phpunserialize"], function (phpUnserialize) {
  return {
    foo: phpUnserialize('s:3:"foo";')
  };
});

With a CommonJS loader:

var phpUnserialize = require('phpunserialize');
var foo = phpUnserialize('s:3:"foo";');

Running the Unit Tests

npm install
npm test

Keywords

php

Package last updated on 18 Dec 2022
