vectorface / varexporter-legacy
A powerful alternative to var_export(), which can export closures and objects without __set_state()
Requires
- php: >=7.0
- nikic/php-parser: ^4.0
Requires (Dev)
- php-coveralls/php-coveralls: ^2.0
- phpunit/phpunit: ^6.0 || ^7.0
This package is auto-updated.
Last update: 2020-10-03 17:39:49 UTC
README
A powerful and pretty replacement for PHP's var_export()
.
Note
This is just a quick fork of https://github.com/brick/varexporter to add PHP 7.0 support for some legacy apps.
Introduction
PHP's var_export() function is a handy way to export a variable as executable PHP code.
It is particularly useful to store data that can be cached by OPCache, just like your source code, and later retrieved very fast, much faster than unserializing data using unserialize()
or json_decode()
.
But it also suffers from several drawbacks:
- It outputs invalid PHP code for
stdClass
objects, usingstdClass::__set_state()
which doesn't exist (PHP < 7.3) - It cannot export custom objects that do not implement
__set_state()
, and__set_state()
does not play well with private properties in parent classes, which makes the implementation tedious - It does not support closures
Additionally, the output is not very pretty:
- It outputs arrays as
array()
notation, instead of the short[]
notation - It outputs numeric arrays with explicit and unnecessary
0 => ...
key => value syntax
This library aims to provide a prettier, safer, and powerful alternative to var_export()
.
Installation
This library is installable via Composer:
composer require vectorface/varexporter-legacy
Requirements
This library requires PHP 7.0 or later.
Project status & release process
While this library is still under development, it is well tested and should be stable enough to use in production environments.
The current releases are numbered 0.x.y
. When a non-breaking change is introduced (adding new methods, optimizing existing code, etc.), y
is incremented.
When a breaking change is introduced, a new 0.x
version cycle is always started.
It is therefore safe to lock your project to a given release cycle, such as 0.2.*
.
If you need to upgrade to a newer release cycle, check the release history for a list of changes introduced by each further 0.x.0
version.
Quickstart
This library offers a single method, VarExporter::export()
which works pretty much like var_export()
:
use Brick\VarExporter\VarExporter; echo VarExporter::export([1, 2, ['foo' => 'bar', 'baz' => []]]);
This code will output:
[ 1, 2, [ 'foo' => 'bar', 'baz' => [] ] ]
Compare this to the var_export()
output:
array ( 0 => 1, 1 => 2, 2 => array ( 'foo' => 'bar', 'baz' => array ( ), ), )
Note: unlike var_export()
, export()
always returns the exported variable, and never outputs it.
Exporting stdClass objects
You come across a stdClass
object every time you cast an array to an object, or use json_decode()
with the second argument set to false
(which is the default).
While the output of var_export()
for stdClass
is syntactically valid PHP code:
var_export(json_decode(' { "foo": "bar", "baz": { "hello": "world" } } '));
stdClass::__set_state(array( 'foo' => 'bar', 'baz' => stdClass::__set_state(array( 'hello' => 'world', )), ))
it is totally useless as it assumes that stdClass
has a static __set_state()
method, when it doesn't:
Error: Call to undefined method stdClass::__set_state()
What does VarExporter
do instead?
It outputs an array to object cast, which is syntactically valid, readable and executable:
echo VarExporter::export(json_decode(' { "foo": "bar", "baz": { "hello": "world" } } '));
(object) [ 'foo' => 'bar', 'baz' => (object) [ 'hello' => 'world' ] ]
Note: since PHP 7.3, var_export()
now exports an array to object cast like VarExporter::export()
does.
Exporting custom objects
As we've seen above, var_export()
assumes that every object has a static __set_state() method that takes an associative array of property names to values, and returns a object.
This means that if you want to export an instance of a class outside of your control, you're screwed up. This also means that you have to write boilerplate code for your classes, that looks like:
class Foo { public $a; public $b; public $c; public static function __set_state(array $array) : self { $object = new self; $object->a = $array['a']; $object->b = $array['b']; $object->c = $array['c']; return $object; } }
Or the more dynamic, reusable, and less IDE-friendly version:
public static function __set_state(array $array) : self { $object = new self; foreach ($array as $key => $value) { $object->{$key} = $value; } return $object; }
If your class has a parent with private properties, you may have to do some gymnastics to write the value, and if your class overrides a private property of one of its parents, you're out of luck as var_export()
puts all properties in the same bag, outputting an array with a duplicate key.
What does VarExporter
do instead?
It determines the most appropriate method to export your object, in this order:
-
If your custom class has a
__set_state()
method,VarExporter
uses it by default, just likevar_export()
would do:\My\CustomClass::__set_state([ 'foo' => 'Hello', 'bar' => 'World' ])
The array passed to
__set_state()
will be built with the same semantics used byvar_export()
; this library aims to be 100% compatible in this regard. The only difference is when your class has overridden private properties:var_export()
will output an array that contains the same key twice (resulting in data loss), whileVarExporter
will throw anExportException
to keep you on the safe side.Unlike
var_export()
, this method will only be used if actually implemented on the class.You can disable exporting objects this way, even if they implement
__set_state()
, using theNO_SET_STATE
option. -
If your class has
__serialize()
and__unserialize()
methods (introduced in PHP 7.4, but this library accepts them in previous versions of PHP!),VarExporter
uses the output of__serialize()
to export the object, and gives it as input to__unserialize()
to reconstruct the object:(static function() { $class = new \ReflectionClass(\My\CustomClass::class); $object = $class->newInstanceWithoutConstructor(); $object->__unserialize([ 'foo' => 'Test', 'bar' => 1234 ]); return $object; })()
This method is recommended for exporting complex custom objects: it is forward compatible with the new serialization mechanism introduced in PHP 7.4, flexible, safe, and composes very well under inheritance.
If for any reason you do not want to export objects that implement
__serialize()
and__unserialize()
using this method, you can opt out by using theNO_SERIALIZE
option. -
If the class does not meet any of the conditions above, it is exported through direct property access, which in its simplest form looks like:
(static function() { $object = new \My\CustomClass; $object->publicProp = 'Foo'; $object->dynamicProp = 'Bar'; return $object; })()
If the class has a constructor, it will be bypassed using reflection:
(static function() { $class = new \ReflectionClass(\My\CustomClass::class); $object = $class->newInstanceWithoutConstructor(); ... })()
If the class has non-public properties, they will be accessed through closures bound to the object:
(static function() { $class = new \ReflectionClass(\My\CustomClass::class); $object = $class->newInstanceWithoutConstructor(); $object->publicProp = 'Foo'; $object->dynamicProp = 'Bar'; (function() { $this->protectedProp = 'contents'; $this->privateProp = 'contents'; })->bindTo($object, \My\CustomClass::class)(); (function() { $this->privatePropInParent = 'contents'; })->bindTo($object, \My\ParentClass::class)(); return $object; })()
You can disable exporting objects this way, using the
NOT_ANY_OBJECT
option.
If you attempt to export a custom object and all compatible exporters have been disabled, an ExportException
will be thrown.
Exporting closures
Since version 0.2.0
, VarExporter
has experimental support for closures:
echo VarExporter::export([ 'callback' => function() { return 'Hello, world!'; } ]);
[ 'callback' => function () { return 'Hello, world!'; } ]
To do this magic, VarExporter
parses the PHP source file where your closure is defined, using the well-established nikic/php-parser library, inspired by SuperClosure.
To ensure that the closure will work in any context, it rewrites its source code, replacing any namespaced class/function/constant name with its fully qualified counterpart:
namespace My\App; use My\App\Model\Entity; use function My\App\Functions\imported_function; use const My\App\Constants\IMPORTED_CONSTANT; use Brick\VarExporter\VarExporter; echo VarExporter::export(function(Service $service) : Entity { strlen(NON_NAMESPACED_CONSTANT); imported_function(IMPORTED_CONSTANT); \My\App\Functions\explicitly_namespaced_function(\My\App\Constants\EXPLICITLY_NAMESPACED_CONSTANT); return new Entity(); });
function (\My\App\Service $service) : \My\App\Model\Entity { strlen(NON_NAMESPACED_CONSTANT); \My\App\Functions\imported_function(\My\App\Constants\IMPORTED_CONSTANT); \My\App\Functions\explicitly_namespaced_function(\My\App\Constants\EXPLICITLY_NAMESPACED_CONSTANT); return new \My\App\Model\Entity(); }
Note how all namespaced classes, and explicitly namespaced functions and constants, have been rewritten, while the non-namespaced function strlen()
and the non-namespaced constant have been left as is. This brings us to the first caveat:
Caveats
- Functions and constants that are not not explicitly namespaced, either directly or through a
use function
oruse const
statement, are always exported as is. This is because the parser does not have the runtime context to check if a definition for this function or constant exists in the current namespace, and as such cannot reliably predict the behaviour of PHP's fallback to global function/constant. Be really careful here if you're using namespaced functions or constants: always explicitly import your namespaced functions and constants, if any. - Closures that have variables bound through
use()
cannot be exported, and will throw anExportException
. This is intentional, because exported closures can be executed in another context, and as such must not rely on the context they've been originally defined in. - Closures can use
$this
, but will not be bound to an object once exported. You must explicitly bind them throughbindTo()
if required, after running the exported code. - You cannot have 2 closures on the same line in your source file, or an
ExportException
will be thrown. This is becauseVarExporter
cannot know which one holds the definition for the\Closure
object it encountered. - Closures defined in eval()'d code cannot be exported and throw an
ExportException
, because there is no source file to parse.
You can disable exporting closures, using the NO_CLOSURES
option. When this option is set, an ExportException
will be thrown when attempting to export a closure.
Options
VarExporter::export()
accepts a bitmask of options as a second parameter:
VarExporter::export($var, VarExporter::ADD_RETURN | VarExporter::ADD_TYPE_HINTS);
Available options:
VarExporter::ADD_RETURN
Wraps the output in a return statement:
return (...);
This makes the code ready to be executed in a PHP file―or eval()
, for that matter.
VarExporter::ADD_TYPE_HINTS
Adds type hints to objects created through reflection, and to $this
inside closures bound to an object.
This allows the resulting code to be statically analyzed by external tools and IDEs:
/** @var \My\CustomClass $object */ $object = $class->newInstanceWithoutConstructor(); (function() { /** @var \My\CustomClass $this */ $this->privateProp = ...; })->bindTo($object, \My\CustomClass::class)();
VarExporter::SKIP_DYNAMIC_PROPERTIES
Skips dynamic properties on custom classes in the output. Dynamic properties are properties that are not part of the class definition, and added to an object at runtime. By default, any dynamic property set on a custom class is
exported; if this option is used, dynamic properties are only allowed on stdClass
objects, and ignored on other objects.
VarExporter::NO_SET_STATE
Disallows exporting objects through __set_state()
.
VarExporter::NO_SERIALIZE
Disallows exporting objects through __serialize()
and __unserialize()
.
VarExporter::NOT_ANY_OBJECT
Disallows exporting any custom object using direct property access and bound closures.
VarExporter::NO_CLOSURES
Disallows exporting closures.
VarExporter::INLINE_NUMERIC_SCALAR_ARRAY
Formats numeric arrays containing only scalar values on a single line:
VarExporter::export([ 'one' => ['hello', 'world', 123, true, false, null, 7.5], 'two' => ['hello', 'world', ['one', 'two', 'three']] ], VarExporter::INLINE_NUMERIC_SCALAR_ARRAY);
[ 'one' => ['hello', 'world', 123, true, false, null, 7.5], 'two' => [ 'hello', 'world', ['one', 'two', 'three'] ] ]
Types considered scalar here are int
, bool
, float
, string
and null
.
Error handling
Any error occurring on export()
will throw an ExportException
:
use Brick\VarExporter\VarExporter; use Brick\VarExporter\ExportException; try { VarExporter::export(fopen('php://memory', 'r')); } catch (ExportException $e) { // Type "resource" is not supported. }
Limitations
-
Exporting internal classes other than
stdClass
andClosure
is currently not supported.VarExporter
will throw anExportException
if it finds one.To avoid hitting this brick wall, you can implement
__serialize()
and__unserialize()
in classes that contain references to internal objects.Feel free to open an issue or a pull request if you think that an internal class could/should be exportable.
-
Exporting anonymous classes is not supported yet. Ideas or pull requests welcome.
-
Just like
var_export()
,VarExporter
cannot currently maintain object identity (two instances of the same object, once exported, will create two equal (==
) yet distinct (!==
) objects). -
And just like
var_export()
, it cannot currently handle circular references, such as objectA
pointing toB
, andB
pointing back toA
.
In pretty much every other case, it offers an elegant and very efficient way to cache data to PHP files, and a solid alternative to serialization.