blob: 2e23ca1b71fa6c8ac86d97a8355b97b5aee1f7ab (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
--TEST--
Test unserialize() with second parameter
--FILE--
<?php
class foo {
public $x = "bar";
}
$z = array(new foo(), 2, "3");
$s = serialize($z);
var_dump(unserialize($s));
var_dump(unserialize($s, ["allowed_classes" => false]));
var_dump(unserialize($s, ["allowed_classes" => true]));
var_dump(unserialize($s, ["allowed_classes" => ["bar"]]));
var_dump(unserialize($s, ["allowed_classes" => ["FOO"]]));
var_dump(unserialize($s, ["allowed_classes" => ["bar", "foO"]]));
--EXPECTF--
array(3) {
[0]=>
object(foo)#%d (1) {
["x"]=>
string(3) "bar"
}
[1]=>
int(2)
[2]=>
string(1) "3"
}
array(3) {
[0]=>
object(__PHP_Incomplete_Class)#%d (2) {
["__PHP_Incomplete_Class_Name"]=>
string(3) "foo"
["x"]=>
string(3) "bar"
}
[1]=>
int(2)
[2]=>
string(1) "3"
}
array(3) {
[0]=>
object(foo)#%d (1) {
["x"]=>
string(3) "bar"
}
[1]=>
int(2)
[2]=>
string(1) "3"
}
array(3) {
[0]=>
object(__PHP_Incomplete_Class)#%d (2) {
["__PHP_Incomplete_Class_Name"]=>
string(3) "foo"
["x"]=>
string(3) "bar"
}
[1]=>
int(2)
[2]=>
string(1) "3"
}
array(3) {
[0]=>
object(foo)#%d (1) {
["x"]=>
string(3) "bar"
}
[1]=>
int(2)
[2]=>
string(1) "3"
}
array(3) {
[0]=>
object(foo)#%d (1) {
["x"]=>
string(3) "bar"
}
[1]=>
int(2)
[2]=>
string(1) "3"
}
|