Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
--TEST-- Bug #72663 (1): Don't call __destruct if __wakeup not called or fails --FILE-- <?..
Decoded Output download
--TEST--
Bug #72663 (1): Don't call __destruct if __wakeup not called or fails
--FILE--
<?php
class Test1 {
public function __wakeup() {
echo "Wakeup
";
}
public function __destruct() {
echo "Dtor
";
}
}
class Test2 {
public function __wakeup() {
throw new Exception('Unserialization forbidden');
}
public function __destruct() {
echo "Dtor
";
}
}
// Unserialize object with error in properties
$s = 'O:5:"Test1":1:{s:10:"";}';
var_dump(unserialize($s));
// Variation: Object is turned into a reference
$s = 'O:5:"Test1":2:{i:0;R:1;s:10:"";}';
var_dump(unserialize($s));
// Unserialize object with throwing __wakeup
$s = 'O:5:"Test2":0:{}';
try {
var_dump(unserialize($s));
} catch (Exception $e) {
echo "Caught
";
}
//
// Variation: Object is turned into a reference
$s = 'O:5:"Test2":1:{i:0;R:1;}';
try {
var_dump(unserialize($s));
} catch (Exception $e) {
echo "Caught
";
}
?>
--EXPECTF--
Notice: unserialize(): Error at offset 17 of 24 bytes in %s on line %d
bool(false)
Notice: unserialize(): Error at offset 25 of 32 bytes in %s on line %d
bool(false)
Caught
Caught
Did this file decode correctly?
Original Code
--TEST--
Bug #72663 (1): Don't call __destruct if __wakeup not called or fails
--FILE--
<?php
class Test1 {
public function __wakeup() {
echo "Wakeup\n";
}
public function __destruct() {
echo "Dtor\n";
}
}
class Test2 {
public function __wakeup() {
throw new Exception('Unserialization forbidden');
}
public function __destruct() {
echo "Dtor\n";
}
}
// Unserialize object with error in properties
$s = 'O:5:"Test1":1:{s:10:"";}';
var_dump(unserialize($s));
// Variation: Object is turned into a reference
$s = 'O:5:"Test1":2:{i:0;R:1;s:10:"";}';
var_dump(unserialize($s));
// Unserialize object with throwing __wakeup
$s = 'O:5:"Test2":0:{}';
try {
var_dump(unserialize($s));
} catch (Exception $e) {
echo "Caught\n";
}
//
// Variation: Object is turned into a reference
$s = 'O:5:"Test2":1:{i:0;R:1;}';
try {
var_dump(unserialize($s));
} catch (Exception $e) {
echo "Caught\n";
}
?>
--EXPECTF--
Notice: unserialize(): Error at offset 17 of 24 bytes in %s on line %d
bool(false)
Notice: unserialize(): Error at offset 25 of 32 bytes in %s on line %d
bool(false)
Caught
Caught
Function Calls
None |
Stats
MD5 | 6bf151c2a36431958bdca754a241861f |
Eval Count | 0 |
Decode Time | 92 ms |