php - How to write a valid callback for preg_replace_callback(): Requires argument 2, ''s:'.strlen('$2').':"$2";'',

one text

Solution:

This code appears to be very naively attempting to fix a serialization bug. Whenever I've seen that, it was always because someone performed a database search-and-replace blindly and PHP is very particular about its storage format.

For, I would say just see if you can get away with removing the regex, maybe it isn't needed anymore. Watch your logs and see if you see any notices.

function __unserialize( $sObject ) {
    return unserialize( $sObject );
}

If that doesn't work, here is a version that does on very simple objects but has some caveats to be aware of:

function __unserialize($sObject)
{
    $__ret = preg_replace_callback(
        '!s:(?<length>\d+):"(?<value>.*?)";!',
        static function ($matches) {
            return 's:' . strlen($matches['value']) . ':"' . $matches['value'] . '";';
        },
        $sObject
    );
    return unserialize($__ret);
}

This can be tested with:

$obj = new stdClass();
$obj->test = 'test';

$before = serialize($obj);
$after = __unserialize($before);

echo $before, PHP_EOL;

print_r($after);

In PHP, the string test string is serialized as:

s:4:"test"

where the first digit is the length of the string followed by the actual string. If the length doesn't match, that's where things get bad and that's what your code was trying to fix. I say your code does it naively because there are edge cases that it can't handle, such as this:

$obj = new stdClass();
$obj->test = 'test";';

$before = serialize($obj);
$after = __unserialize($before);

But, if it worked in the past, maybe those edge cases don't exist.