PHP: Hypertext Preprocessor (original) (raw)

<?phpclass MyClass { public string $property = "myValue"; }$myObject = new MyClass;$foo = serialize($myObject);// unserializes all objects into __PHP_Incomplete_Class objects <math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mi>d</mi><mi>i</mi><mi>s</mi><mi>a</mi><mi>l</mi><mi>l</mi><mi>o</mi><mi>w</mi><mi>e</mi><mi>d</mi><mo>=</mo><mi>u</mi><mi>n</mi><mi>s</mi><mi>e</mi><mi>r</mi><mi>i</mi><mi>a</mi><mi>l</mi><mi>i</mi><mi>z</mi><mi>e</mi><mo stretchy="false">(</mo></mrow><annotation encoding="application/x-tex">disallowed = unserialize(</annotation></semantics></math>disallowed=unserialize(foo, ["allowed_classes" => false]);var_dump($disallowed);// unserializes all objects into __PHP_Incomplete_Class objects except those of MyClass2 and MyClass3 <math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mi>d</mi><mi>i</mi><mi>s</mi><mi>a</mi><mi>l</mi><mi>l</mi><mi>o</mi><mi>w</mi><mi>e</mi><mi>d</mi><mn>2</mn><mo>=</mo><mi>u</mi><mi>n</mi><mi>s</mi><mi>e</mi><mi>r</mi><mi>i</mi><mi>a</mi><mi>l</mi><mi>i</mi><mi>z</mi><mi>e</mi><mo stretchy="false">(</mo></mrow><annotation encoding="application/x-tex">disallowed2 = unserialize(</annotation></semantics></math>disallowed2=unserialize(foo, ["allowed_classes" => ["MyClass2", "MyClass3"]]);var_dump($disallowed2);// unserializes undefined class into __PHP_Incomplete_Class object <math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mi>u</mi><mi>n</mi><mi>d</mi><mi>e</mi><mi>f</mi><mi>i</mi><mi>n</mi><mi>e</mi><mi>d</mi><mi>C</mi><mi>l</mi><mi>a</mi><mi>s</mi><mi>s</mi><mo>=</mo><mi>u</mi><mi>n</mi><mi>s</mi><mi>e</mi><mi>r</mi><mi>i</mi><mi>a</mi><mi>l</mi><mi>i</mi><mi>z</mi><mi>e</mi><msup><mo stretchy="false">(</mo><mo mathvariant="normal" lspace="0em" rspace="0em">′</mo></msup><mi>O</mi><mo>:</mo><mn>16</mn><mo>:</mo><mi mathvariant="normal">"</mi><mi>M</mi><mi>y</mi><mi>U</mi><mi>n</mi><mi>d</mi><mi>e</mi><mi>f</mi><mi>i</mi><mi>n</mi><mi>e</mi><mi>d</mi><mi>C</mi><mi>l</mi><mi>a</mi><mi>s</mi><mi>s</mi><mi mathvariant="normal">"</mi><mo>:</mo><mn>0</mn><mo>:</mo><msup><mrow></mrow><mo mathvariant="normal" lspace="0em" rspace="0em">′</mo></msup><mo stretchy="false">)</mo><mo separator="true">;</mo><mi>v</mi><mi>a</mi><msub><mi>r</mi><mi>d</mi></msub><mi>u</mi><mi>m</mi><mi>p</mi><mo stretchy="false">(</mo></mrow><annotation encoding="application/x-tex">undefinedClass = unserialize('O:16:"MyUndefinedClass":0:{}');var_dump(</annotation></semantics></math>undefinedClass=unserialize(′O:16:"MyUndefinedClass":0:′);vardump(undefinedClass);

object(__PHP_Incomplete_Class)#2 (2) { ["__PHP_Incomplete_Class_Name"]=> string(7) "MyClass" ["property"]=> string(7) "myValue" } object(__PHP_Incomplete_Class)#3 (2) { ["__PHP_Incomplete_Class_Name"]=> string(7) "MyClass" ["property"]=> string(7) "myValue" } object(__PHP_Incomplete_Class)#4 (1) { ["__PHP_Incomplete_Class_Name"]=> string(16) "MyUndefinedClass" }