我有一个站点设置,在页面加载时,将所有用户提交的字符串转换为SafeString对象.对于那些不熟悉SafeString的人来说,它基本上迫使用户回应清理过的数据,防止XSS等等.
无论如何,有一个问题.我的$ _SESSION数组正在填充__PHP_Incomplete_Class Object.从我读过的,这是因为没有在会话之前初始化类,然后在会话中存储类对象.
这是我的代码:
require_once __WEBROOT__ . '/includes/safestring.class.php';
$temp = array
(
&$_SERVER, &$_GET, &$_POST, &$_COOKIE,
&$_SESSION, &$_ENV, &$_REQUEST, &$_FILES,
&$HTTP_SERVER_VARS, &$HTTP_GET_VARS,
&$HTTP_POST_VARS, &$HTTP_COOKIE_VARS,
&$HTTP_POST_FILES, &$HTTP_ENV_VARS
);
function StringsToSafeString(&$array)
{
foreach ($array as $key => $value)
{
if (is_string($array[$key]))
{
$array[$key] = new SafeString($value);
}
if (is_array($array[$key]))
{
StringsToSafeString($array[$key]);
}
}
}
StringsToSafeString($temp);
unset($temp);
我想不出一种方法来重写这个可以解决问题的方法:/
有任何想法吗?
Class User{
public $id;
public $username;
public $password;
public $email;
public $steam;
public $donator;
public $active;
public function __construct($username, $email, $password, $id, $active, $donator, $steam){
$this->id = $id;
$this->username = $username;
$this->password = $password;
$this->email = $email;
$this->steam = $steam;
$this->donator = $donator;
$this->active = $active;
}}
是我的班级(简化)
以下是我的代码:
$_SESSION['loggedIn'] = $user;
$ user是User的类实例
现在这就是print_r($ _ SESSION ['loggedIn'])向我展示的内容:
__PHP_Incomplete_Class Object
(
[__PHP_Incomplete_Class_Name] => User
[id] => 22
[username] => xxxx
[password] => xxxx
[email] => xxxx
[steam] => 1234567
[donator] …用户通过身份验证后,我将类对象序列化并将其存储在会话中.但是,即使在使用unserialize()之后,我似乎无法打印其输出.
创建会话变量:
if(!isset($_SESSION['myObj']) && empty($_SESSION['myObj'])) {
$myObj = new User($row['user_id'], $row['username'], $row['user_level']);
$_SESSION['username']= $myObj->usr_name;
$s_Obj = serialize($myObj);
$_SESSION['myObj'] = $s_Obj;
从不同的页面访问,没有输出:
$sObj = $_SESSION['Obj'];
$myObj = unserialize($s_Obj);
echo $myObj->usr_name;
然而,这是有效的,所以我的班级没有任何问题.我也在session_start()两个页面中使用.
echo $_SESSION['username'];
班级用户:
<?php
class User{
public $usr_id;
public $usr_name;
public $usr_level;
public $last_access_login;
public function __construct($id, $usr_name, $usr_level) {
$this->usr_id = $id;
$this->usr_name = $usr_name;
$this->usr_level = $usr_level;
$this->last_access_login = date("F d Y H:i:s.",time());
}
}
?>
编辑:
这是我的vardump
array
'myObj' =>
object(__PHP_Incomplete_Class)[1]
public '__PHP_Incomplete_Class_Name' => string …我想打开一个简单的页面时遇到错误.这是完整的错误:
ContextErrorException:Catchable Fatal Error:类__PHP_Incomplete_Class的对象无法转换为/Applications/mampstack-5.4.20-0/apache2/htdocs/engelsvandenbroecke/vendor/symfony/symfony/src/Symfony/Component/Security/Core/ Authentication/Token/AbstractToken.php第70行
我在symfony项目中所做的是:
这是我的用户实体类:
<?php
namespace Beachteam\BeachteamBundle\Entity;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\AdvancedUserInterface;
/**
* User
*
* @ORM\Table(name="user", uniqueConstraints={@ORM\UniqueConstraint(name="username_UNIQUE", columns={"username"})}, indexes={@ORM\Index(name="fk_users_roles_idx", columns={"role_id"})})
* @ORM\Entity
*/
class User implements AdvancedUserInterface
{
/**
* @var string
*
* @ORM\Column(name="username", type="string", length=45, nullable=false)
*/
private $username;
/**
* @var string
*
* @ORM\Column(name="password", type="string", length=60, nullable=false)
*/
private $password;
/**
* @var string
*
* @ORM\Column(name="salt", type="string", length=30, nullable=false)
*/
private $salt;
/**
* @var …好吧,我很困惑.我有一个存储在会话中的对象.我可以添加项目到这个对象.到目前为止很简单.我像这样初始化对象:
$template = new Template($mysqli);
$_SESSION['template'] = serialize($template);
现在,这应该创建一个品牌打击新对象并将其分配给会话.然后我有一些代码通过AJAX请求添加项目.该代码如下:
$template = unserialize($_SESSION['template']);
$prodid = $_GET['product_id'];
$template->addItem($prodid);
echo var_dump($template->getItems());
$_SESSION['template'] = serialize($template);
再说一遍,应该很简单.现在问题是,第一位代码没有重置$_SESSION['template'],所以我得到了迄今为止我添加的所有项目,重新加载页面并没有修复它.
我找到了导致恶作剧的文件,但我不知道我能做些什么.它是一个包含,它是网站不同部分运行所必需的.我正在为网站添加功能,如果我删除功能,我不认为所有者会讨厌.这是文件:
<?php
include_once( 'DBE.class.php' ) ;
################################################
# Function: Sessions_open
# Parameters: $path (string), $name (string)
# Returns: bool
# Description: This is an over-ride function call
# that we need to create so that the php internal
# session manager doesn't store our session in the
# file system, since we are storing it in …我有一个多页面表单,我试图在我的网站上实现这样的工作:
1输入客户详细信息 - $ _POST - > 2确认客户详细信息 - $ _ SESSION - > 3从客户详细信息生成PDF
正如你在我的第二页上看到的那样,我从$ _POST获得了我的表单中的值.在同一页面上,我从我的类customer创建一个名为"customer"的对象,该对象存储从我的第一页发布的所有值.
然后我设置一个名为"customer"的$ _SESSION变量并将其分配给我的对象.
session_start();
//includes html header part of page
include("includes/page/header.php");
//customer class
include("classes.php");
$customer = new customer();
$_SESSION['customer'] = $customer;
现在,在我网站的最后一页上,我有以下代码:
session_start();
//assign customer to equal object stored in session
$customer = $_SESSION['customer'];
//to test if successfull , nothing is displayed!
echo $customer->first_name;
return 0;
我的页面上没有显示任何测试,所以我的会话没有按照我的想法做.
供参考:
最后一页上的会话var_dump.
object(__PHP_Incomplete_Class)#1 (15) { ["__PHP_Incomplete_Class_Name"]=> string(8) "customer" ["first_name"]=> string(5) "Iain" ["second_name"]=> string(6) …