Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
--TEST-- Object serialization / unserialization with inherited and hidden properties. --FI..
Decoded Output download
--TEST--
Object serialization / unserialization with inherited and hidden properties.
--FILE--
<?php
Class A {
private $APriv = "A.APriv";
protected $AProt = "A.AProt";
public $APub = "A.APub";
function audit() {
return isset($this->APriv, $this->AProt, $this->APub);
}
}
Class B extends A {
private $BPriv = "B.BPriv";
protected $BProt = "B.BProt";
public $BPub = "B.BPub";
function audit() {
return parent::audit() && isset($this->AProt, $this->APub,
$this->BPriv, $this->BProt, $this->BPub);
}
}
Class C extends B {
private $APriv = "C.APriv";
protected $AProt = "C.AProt";
public $APub = "C.APub";
private $CPriv = "C.CPriv";
protected $CProt = "C.BProt";
public $CPub = "C.CPub";
function audit() {
return parent::audit() && isset($this->APriv, $this->AProt, $this->APub,
$this->BProt, $this->BPub,
$this->CPriv, $this->CProt, $this->CPub);
}
}
function prettyPrint($obj) {
echo "
Before serialization:
";
var_dump($obj);
echo "Serialized form:
";
$ser = serialize($obj);
$serPrintable = str_replace("", '', $ser);
var_dump($serPrintable);
echo "Unserialized:
";
$uobj = unserialize($ser);
var_dump($uobj);
echo "Sanity check: ";
var_dump($uobj->audit());
}
echo "-- Test instance of A --
";
prettyPrint(new A);
echo "
-- Test instance of B --
";
prettyPrint(new B);
echo "
-- Test instance of C --
";
prettyPrint(new C);
echo "Done";
?>
--EXPECTF--
-- Test instance of A --
Before serialization:
object(A)#%d (3) {
["APriv":"A":private]=>
string(7) "A.APriv"
["AProt":protected]=>
string(7) "A.AProt"
["APub"]=>
string(6) "A.APub"
}
Serialized form:
string(98) "O:1:"A":3:{s:8:"AAPriv";s:7:"A.APriv";s:8:"*AProt";s:7:"A.AProt";s:4:"APub";s:6:"A.APub";}"
Unserialized:
object(A)#%d (3) {
["APriv":"A":private]=>
string(7) "A.APriv"
["AProt":protected]=>
string(7) "A.AProt"
["APub"]=>
string(6) "A.APub"
}
Sanity check: bool(true)
-- Test instance of B --
Before serialization:
object(B)#%d (6) {
["APriv":"A":private]=>
string(7) "A.APriv"
["AProt":protected]=>
string(7) "A.AProt"
["APub"]=>
string(6) "A.APub"
["BPriv":"B":private]=>
string(7) "B.BPriv"
["BProt":protected]=>
string(7) "B.BProt"
["BPub"]=>
string(6) "B.BPub"
}
Serialized form:
string(184) "O:1:"B":6:{s:8:"AAPriv";s:7:"A.APriv";s:8:"*AProt";s:7:"A.AProt";s:4:"APub";s:6:"A.APub";s:8:"BBPriv";s:7:"B.BPriv";s:8:"*BProt";s:7:"B.BProt";s:4:"BPub";s:6:"B.BPub";}"
Unserialized:
object(B)#%d (6) {
["APriv":"A":private]=>
string(7) "A.APriv"
["AProt":protected]=>
string(7) "A.AProt"
["APub"]=>
string(6) "A.APub"
["BPriv":"B":private]=>
string(7) "B.BPriv"
["BProt":protected]=>
string(7) "B.BProt"
["BPub"]=>
string(6) "B.BPub"
}
Sanity check: bool(true)
-- Test instance of C --
Before serialization:
object(C)#%d (10) {
["APriv":"A":private]=>
string(7) "A.APriv"
["AProt":protected]=>
string(7) "C.AProt"
["APub"]=>
string(6) "C.APub"
["BPriv":"B":private]=>
string(7) "B.BPriv"
["BProt":protected]=>
string(7) "B.BProt"
["BPub"]=>
string(6) "B.BPub"
["APriv":"C":private]=>
string(7) "C.APriv"
["CPriv":"C":private]=>
string(7) "C.CPriv"
["CProt":protected]=>
string(7) "C.BProt"
["CPub"]=>
string(6) "C.CPub"
}
Serialized form:
string(302) "O:1:"C":10:{s:8:"AAPriv";s:7:"A.APriv";s:8:"*AProt";s:7:"C.AProt";s:4:"APub";s:6:"C.APub";s:8:"BBPriv";s:7:"B.BPriv";s:8:"*BProt";s:7:"B.BProt";s:4:"BPub";s:6:"B.BPub";s:8:"CAPriv";s:7:"C.APriv";s:8:"CCPriv";s:7:"C.CPriv";s:8:"*CProt";s:7:"C.BProt";s:4:"CPub";s:6:"C.CPub";}"
Unserialized:
object(C)#%d (10) {
["APriv":"A":private]=>
string(7) "A.APriv"
["AProt":protected]=>
string(7) "C.AProt"
["APub"]=>
string(6) "C.APub"
["BPriv":"B":private]=>
string(7) "B.BPriv"
["BProt":protected]=>
string(7) "B.BProt"
["BPub"]=>
string(6) "B.BPub"
["APriv":"C":private]=>
string(7) "C.APriv"
["CPriv":"C":private]=>
string(7) "C.CPriv"
["CProt":protected]=>
string(7) "C.BProt"
["CPub"]=>
string(6) "C.CPub"
}
Sanity check: bool(true)
Done
Did this file decode correctly?
Original Code
--TEST--
Object serialization / unserialization with inherited and hidden properties.
--FILE--
<?php
Class A {
private $APriv = "A.APriv";
protected $AProt = "A.AProt";
public $APub = "A.APub";
function audit() {
return isset($this->APriv, $this->AProt, $this->APub);
}
}
Class B extends A {
private $BPriv = "B.BPriv";
protected $BProt = "B.BProt";
public $BPub = "B.BPub";
function audit() {
return parent::audit() && isset($this->AProt, $this->APub,
$this->BPriv, $this->BProt, $this->BPub);
}
}
Class C extends B {
private $APriv = "C.APriv";
protected $AProt = "C.AProt";
public $APub = "C.APub";
private $CPriv = "C.CPriv";
protected $CProt = "C.BProt";
public $CPub = "C.CPub";
function audit() {
return parent::audit() && isset($this->APriv, $this->AProt, $this->APub,
$this->BProt, $this->BPub,
$this->CPriv, $this->CProt, $this->CPub);
}
}
function prettyPrint($obj) {
echo "\n\nBefore serialization:\n";
var_dump($obj);
echo "Serialized form:\n";
$ser = serialize($obj);
$serPrintable = str_replace("\0", '\0', $ser);
var_dump($serPrintable);
echo "Unserialized:\n";
$uobj = unserialize($ser);
var_dump($uobj);
echo "Sanity check: ";
var_dump($uobj->audit());
}
echo "-- Test instance of A --\n";
prettyPrint(new A);
echo "\n\n-- Test instance of B --\n";
prettyPrint(new B);
echo "\n\n-- Test instance of C --\n";
prettyPrint(new C);
echo "Done";
?>
--EXPECTF--
-- Test instance of A --
Before serialization:
object(A)#%d (3) {
["APriv":"A":private]=>
string(7) "A.APriv"
["AProt":protected]=>
string(7) "A.AProt"
["APub"]=>
string(6) "A.APub"
}
Serialized form:
string(98) "O:1:"A":3:{s:8:"\0A\0APriv";s:7:"A.APriv";s:8:"\0*\0AProt";s:7:"A.AProt";s:4:"APub";s:6:"A.APub";}"
Unserialized:
object(A)#%d (3) {
["APriv":"A":private]=>
string(7) "A.APriv"
["AProt":protected]=>
string(7) "A.AProt"
["APub"]=>
string(6) "A.APub"
}
Sanity check: bool(true)
-- Test instance of B --
Before serialization:
object(B)#%d (6) {
["APriv":"A":private]=>
string(7) "A.APriv"
["AProt":protected]=>
string(7) "A.AProt"
["APub"]=>
string(6) "A.APub"
["BPriv":"B":private]=>
string(7) "B.BPriv"
["BProt":protected]=>
string(7) "B.BProt"
["BPub"]=>
string(6) "B.BPub"
}
Serialized form:
string(184) "O:1:"B":6:{s:8:"\0A\0APriv";s:7:"A.APriv";s:8:"\0*\0AProt";s:7:"A.AProt";s:4:"APub";s:6:"A.APub";s:8:"\0B\0BPriv";s:7:"B.BPriv";s:8:"\0*\0BProt";s:7:"B.BProt";s:4:"BPub";s:6:"B.BPub";}"
Unserialized:
object(B)#%d (6) {
["APriv":"A":private]=>
string(7) "A.APriv"
["AProt":protected]=>
string(7) "A.AProt"
["APub"]=>
string(6) "A.APub"
["BPriv":"B":private]=>
string(7) "B.BPriv"
["BProt":protected]=>
string(7) "B.BProt"
["BPub"]=>
string(6) "B.BPub"
}
Sanity check: bool(true)
-- Test instance of C --
Before serialization:
object(C)#%d (10) {
["APriv":"A":private]=>
string(7) "A.APriv"
["AProt":protected]=>
string(7) "C.AProt"
["APub"]=>
string(6) "C.APub"
["BPriv":"B":private]=>
string(7) "B.BPriv"
["BProt":protected]=>
string(7) "B.BProt"
["BPub"]=>
string(6) "B.BPub"
["APriv":"C":private]=>
string(7) "C.APriv"
["CPriv":"C":private]=>
string(7) "C.CPriv"
["CProt":protected]=>
string(7) "C.BProt"
["CPub"]=>
string(6) "C.CPub"
}
Serialized form:
string(302) "O:1:"C":10:{s:8:"\0A\0APriv";s:7:"A.APriv";s:8:"\0*\0AProt";s:7:"C.AProt";s:4:"APub";s:6:"C.APub";s:8:"\0B\0BPriv";s:7:"B.BPriv";s:8:"\0*\0BProt";s:7:"B.BProt";s:4:"BPub";s:6:"B.BPub";s:8:"\0C\0APriv";s:7:"C.APriv";s:8:"\0C\0CPriv";s:7:"C.CPriv";s:8:"\0*\0CProt";s:7:"C.BProt";s:4:"CPub";s:6:"C.CPub";}"
Unserialized:
object(C)#%d (10) {
["APriv":"A":private]=>
string(7) "A.APriv"
["AProt":protected]=>
string(7) "C.AProt"
["APub"]=>
string(6) "C.APub"
["BPriv":"B":private]=>
string(7) "B.BPriv"
["BProt":protected]=>
string(7) "B.BProt"
["BPub"]=>
string(6) "B.BPub"
["APriv":"C":private]=>
string(7) "C.APriv"
["CPriv":"C":private]=>
string(7) "C.CPriv"
["CProt":protected]=>
string(7) "C.BProt"
["CPub"]=>
string(6) "C.CPub"
}
Sanity check: bool(true)
Done
Function Calls
None |
Stats
MD5 | 655fd440285511a3252f0728d1f2e203 |
Eval Count | 0 |
Decode Time | 96 ms |