DOMNode serialization on PHP ^8.1

[wazelin]

Description

The following code:

<?php

class SerializableDomDocument extends DOMDocument
{
    private $xmlData;

    public function __sleep(): array
    {
        $this->xmlData = $this->saveXML();
        return ['xmlData'];
    }

    public function __wakeup(): void
    {
        $this->loadXML($this->xmlData);
    }
}


$dom = new SerializableDomDocument('1.0', 'UTF-8');
$dom->loadXML('<tag>value</tag>');

$serialized = serialize($dom);
$unserialized = unserialize($serialized);

echo "Serialized:\n-----------\n$serialized\n-----------\nRestored:\n-----------\n{$unserialized->saveXml()}";

Resulted in this output:

Fatal error: Uncaught Exception: Serialization of 'SerializableDomDocument' is not allowed in script.php:20
Stack trace:
#0 script.php(20): serialize(Object(SerializableDomDocument))
#1 {main}
  thrown in script.php on line 20

But I expected this output instead:

Serialized:
-----------
O:23:"SerializableDomDocument":1:{s:32:"SerializableDomDocumentxmlData";s:39:"<?xml version="1.0"?>
<tag>value</tag>
";}
-----------
Restored:
-----------
<?xml version="1.0"?>
<tag>value</tag>

It appears to be sort of an expected behavior of PHP 8.1 due to ca94d55, but I would still expect:

1. the change to be marked as a breaking one in the PHP 8.1 release notes;
2. serialization to be allowed if the descendant class explicitly states it is serializable by providing __serialize() / __unserialize() or __sleep() / __wakeup() method pairs.

PHP Version

8.1.0 - 8.1.9

Operating System

No response

[cmb69]

Oh, it likely has been overlooked that this might break code if the class is subclassed. I agree that we need to document this change (some other classes/extensions may have the same issue), and that we should look into supporting (un)serialization for respective subclasses.