Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

--TEST-- Object serialization / unserialization with inherited and hidden properties. --FI..

Decoded Output download

--TEST--
Object serialization / unserialization with inherited and hidden properties.
--FILE--
<?php
Class A {
    private $APriv = "A.APriv";
    protected $AProt = "A.AProt";
    public $APub = "A.APub";

    function audit() {
        return isset($this->APriv, $this->AProt, $this->APub);
    }
}

Class B extends A {
    private $BPriv = "B.BPriv";
    protected $BProt = "B.BProt";
    public $BPub = "B.BPub";

    function audit() {
        return  parent::audit() && isset($this->AProt, $this->APub,
                     $this->BPriv, $this->BProt, $this->BPub);
    }
}

Class C extends B {
    private $APriv = "C.APriv";
    protected $AProt = "C.AProt";
    public $APub = "C.APub";

    private $CPriv = "C.CPriv";
    protected $CProt = "C.BProt";
    public $CPub = "C.CPub";

    function audit() {
        return parent::audit() && isset($this->APriv, $this->AProt, $this->APub,
                     $this->BProt, $this->BPub,
                     $this->CPriv, $this->CProt, $this->CPub);
    }
}

function prettyPrint($obj) {
    echo "

Before serialization:
";
    var_dump($obj);

    echo "Serialized form:
";
    $ser = serialize($obj);
    $serPrintable = str_replace("", '', $ser);
    var_dump($serPrintable);

    echo "Unserialized:
";
    $uobj = unserialize($ser);
    var_dump($uobj);

    echo "Sanity check: ";
    var_dump($uobj->audit());
}

echo "-- Test instance of A --
";
prettyPrint(new A);
echo "

-- Test instance of B --
";
prettyPrint(new B);
echo "

-- Test instance of C --
";
prettyPrint(new C);

echo "Done";
?>
--EXPECTF--
-- Test instance of A --


Before serialization:
object(A)#%d (3) {
  ["APriv":"A":private]=>
  string(7) "A.APriv"
  ["AProt":protected]=>
  string(7) "A.AProt"
  ["APub"]=>
  string(6) "A.APub"
}
Serialized form:
string(98) "O:1:"A":3:{s:8:"AAPriv";s:7:"A.APriv";s:8:"*AProt";s:7:"A.AProt";s:4:"APub";s:6:"A.APub";}"
Unserialized:
object(A)#%d (3) {
  ["APriv":"A":private]=>
  string(7) "A.APriv"
  ["AProt":protected]=>
  string(7) "A.AProt"
  ["APub"]=>
  string(6) "A.APub"
}
Sanity check: bool(true)


-- Test instance of B --


Before serialization:
object(B)#%d (6) {
  ["APriv":"A":private]=>
  string(7) "A.APriv"
  ["AProt":protected]=>
  string(7) "A.AProt"
  ["APub"]=>
  string(6) "A.APub"
  ["BPriv":"B":private]=>
  string(7) "B.BPriv"
  ["BProt":protected]=>
  string(7) "B.BProt"
  ["BPub"]=>
  string(6) "B.BPub"
}
Serialized form:
string(184) "O:1:"B":6:{s:8:"AAPriv";s:7:"A.APriv";s:8:"*AProt";s:7:"A.AProt";s:4:"APub";s:6:"A.APub";s:8:"BBPriv";s:7:"B.BPriv";s:8:"*BProt";s:7:"B.BProt";s:4:"BPub";s:6:"B.BPub";}"
Unserialized:
object(B)#%d (6) {
  ["APriv":"A":private]=>
  string(7) "A.APriv"
  ["AProt":protected]=>
  string(7) "A.AProt"
  ["APub"]=>
  string(6) "A.APub"
  ["BPriv":"B":private]=>
  string(7) "B.BPriv"
  ["BProt":protected]=>
  string(7) "B.BProt"
  ["BPub"]=>
  string(6) "B.BPub"
}
Sanity check: bool(true)


-- Test instance of C --


Before serialization:
object(C)#%d (10) {
  ["APriv":"A":private]=>
  string(7) "A.APriv"
  ["AProt":protected]=>
  string(7) "C.AProt"
  ["APub"]=>
  string(6) "C.APub"
  ["BPriv":"B":private]=>
  string(7) "B.BPriv"
  ["BProt":protected]=>
  string(7) "B.BProt"
  ["BPub"]=>
  string(6) "B.BPub"
  ["APriv":"C":private]=>
  string(7) "C.APriv"
  ["CPriv":"C":private]=>
  string(7) "C.CPriv"
  ["CProt":protected]=>
  string(7) "C.BProt"
  ["CPub"]=>
  string(6) "C.CPub"
}
Serialized form:
string(302) "O:1:"C":10:{s:8:"AAPriv";s:7:"A.APriv";s:8:"*AProt";s:7:"C.AProt";s:4:"APub";s:6:"C.APub";s:8:"BBPriv";s:7:"B.BPriv";s:8:"*BProt";s:7:"B.BProt";s:4:"BPub";s:6:"B.BPub";s:8:"CAPriv";s:7:"C.APriv";s:8:"CCPriv";s:7:"C.CPriv";s:8:"*CProt";s:7:"C.BProt";s:4:"CPub";s:6:"C.CPub";}"
Unserialized:
object(C)#%d (10) {
  ["APriv":"A":private]=>
  string(7) "A.APriv"
  ["AProt":protected]=>
  string(7) "C.AProt"
  ["APub"]=>
  string(6) "C.APub"
  ["BPriv":"B":private]=>
  string(7) "B.BPriv"
  ["BProt":protected]=>
  string(7) "B.BProt"
  ["BPub"]=>
  string(6) "B.BPub"
  ["APriv":"C":private]=>
  string(7) "C.APriv"
  ["CPriv":"C":private]=>
  string(7) "C.CPriv"
  ["CProt":protected]=>
  string(7) "C.BProt"
  ["CPub"]=>
  string(6) "C.CPub"
}
Sanity check: bool(true)
Done

Did this file decode correctly?

Original Code

--TEST--
Object serialization / unserialization with inherited and hidden properties.
--FILE--
<?php
Class A {
    private $APriv = "A.APriv";
    protected $AProt = "A.AProt";
    public $APub = "A.APub";

    function audit() {
        return isset($this->APriv, $this->AProt, $this->APub);
    }
}

Class B extends A {
    private $BPriv = "B.BPriv";
    protected $BProt = "B.BProt";
    public $BPub = "B.BPub";

    function audit() {
        return  parent::audit() && isset($this->AProt, $this->APub,
                     $this->BPriv, $this->BProt, $this->BPub);
    }
}

Class C extends B {
    private $APriv = "C.APriv";
    protected $AProt = "C.AProt";
    public $APub = "C.APub";

    private $CPriv = "C.CPriv";
    protected $CProt = "C.BProt";
    public $CPub = "C.CPub";

    function audit() {
        return parent::audit() && isset($this->APriv, $this->AProt, $this->APub,
                     $this->BProt, $this->BPub,
                     $this->CPriv, $this->CProt, $this->CPub);
    }
}

function prettyPrint($obj) {
    echo "\n\nBefore serialization:\n";
    var_dump($obj);

    echo "Serialized form:\n";
    $ser = serialize($obj);
    $serPrintable = str_replace("\0", '\0', $ser);
    var_dump($serPrintable);

    echo "Unserialized:\n";
    $uobj = unserialize($ser);
    var_dump($uobj);

    echo "Sanity check: ";
    var_dump($uobj->audit());
}

echo "-- Test instance of A --\n";
prettyPrint(new A);
echo "\n\n-- Test instance of B --\n";
prettyPrint(new B);
echo "\n\n-- Test instance of C --\n";
prettyPrint(new C);

echo "Done";
?>
--EXPECTF--
-- Test instance of A --


Before serialization:
object(A)#%d (3) {
  ["APriv":"A":private]=>
  string(7) "A.APriv"
  ["AProt":protected]=>
  string(7) "A.AProt"
  ["APub"]=>
  string(6) "A.APub"
}
Serialized form:
string(98) "O:1:"A":3:{s:8:"\0A\0APriv";s:7:"A.APriv";s:8:"\0*\0AProt";s:7:"A.AProt";s:4:"APub";s:6:"A.APub";}"
Unserialized:
object(A)#%d (3) {
  ["APriv":"A":private]=>
  string(7) "A.APriv"
  ["AProt":protected]=>
  string(7) "A.AProt"
  ["APub"]=>
  string(6) "A.APub"
}
Sanity check: bool(true)


-- Test instance of B --


Before serialization:
object(B)#%d (6) {
  ["APriv":"A":private]=>
  string(7) "A.APriv"
  ["AProt":protected]=>
  string(7) "A.AProt"
  ["APub"]=>
  string(6) "A.APub"
  ["BPriv":"B":private]=>
  string(7) "B.BPriv"
  ["BProt":protected]=>
  string(7) "B.BProt"
  ["BPub"]=>
  string(6) "B.BPub"
}
Serialized form:
string(184) "O:1:"B":6:{s:8:"\0A\0APriv";s:7:"A.APriv";s:8:"\0*\0AProt";s:7:"A.AProt";s:4:"APub";s:6:"A.APub";s:8:"\0B\0BPriv";s:7:"B.BPriv";s:8:"\0*\0BProt";s:7:"B.BProt";s:4:"BPub";s:6:"B.BPub";}"
Unserialized:
object(B)#%d (6) {
  ["APriv":"A":private]=>
  string(7) "A.APriv"
  ["AProt":protected]=>
  string(7) "A.AProt"
  ["APub"]=>
  string(6) "A.APub"
  ["BPriv":"B":private]=>
  string(7) "B.BPriv"
  ["BProt":protected]=>
  string(7) "B.BProt"
  ["BPub"]=>
  string(6) "B.BPub"
}
Sanity check: bool(true)


-- Test instance of C --


Before serialization:
object(C)#%d (10) {
  ["APriv":"A":private]=>
  string(7) "A.APriv"
  ["AProt":protected]=>
  string(7) "C.AProt"
  ["APub"]=>
  string(6) "C.APub"
  ["BPriv":"B":private]=>
  string(7) "B.BPriv"
  ["BProt":protected]=>
  string(7) "B.BProt"
  ["BPub"]=>
  string(6) "B.BPub"
  ["APriv":"C":private]=>
  string(7) "C.APriv"
  ["CPriv":"C":private]=>
  string(7) "C.CPriv"
  ["CProt":protected]=>
  string(7) "C.BProt"
  ["CPub"]=>
  string(6) "C.CPub"
}
Serialized form:
string(302) "O:1:"C":10:{s:8:"\0A\0APriv";s:7:"A.APriv";s:8:"\0*\0AProt";s:7:"C.AProt";s:4:"APub";s:6:"C.APub";s:8:"\0B\0BPriv";s:7:"B.BPriv";s:8:"\0*\0BProt";s:7:"B.BProt";s:4:"BPub";s:6:"B.BPub";s:8:"\0C\0APriv";s:7:"C.APriv";s:8:"\0C\0CPriv";s:7:"C.CPriv";s:8:"\0*\0CProt";s:7:"C.BProt";s:4:"CPub";s:6:"C.CPub";}"
Unserialized:
object(C)#%d (10) {
  ["APriv":"A":private]=>
  string(7) "A.APriv"
  ["AProt":protected]=>
  string(7) "C.AProt"
  ["APub"]=>
  string(6) "C.APub"
  ["BPriv":"B":private]=>
  string(7) "B.BPriv"
  ["BProt":protected]=>
  string(7) "B.BProt"
  ["BPub"]=>
  string(6) "B.BPub"
  ["APriv":"C":private]=>
  string(7) "C.APriv"
  ["CPriv":"C":private]=>
  string(7) "C.CPriv"
  ["CProt":protected]=>
  string(7) "C.BProt"
  ["CPub"]=>
  string(6) "C.CPub"
}
Sanity check: bool(true)
Done

Function Calls

None

Variables

None

Stats

MD5 655fd440285511a3252f0728d1f2e203
Eval Count 0
Decode Time 96 ms