Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
--TEST-- Serialization of properties should not deal INDIRECT entries to userland --FILE--..
Decoded Output download
--TEST--
Serialization of properties should not deal INDIRECT entries to userland
--FILE--
<?php
class MyArrayObject extends ArrayObject {
private $unused = 123;
public function __construct(array $array)
{
parent::__construct($array, 1);
}
}
class MySplDoublyLinkedList extends SplDoublyLinkedList {
private $unused = 123;
}
class MySplObjectStorage extends SplObjectStorage {
private $unused = 123;
}
$x = new MyArrayObject([]);
var_dump($x->__serialize());
$x = new MySplDoublyLinkedList();
var_dump($x->__serialize());
$x = new MySplObjectStorage();
var_dump($x->__serialize());
?>
--EXPECTF--
array(4) {
[0]=>
int(1)
[1]=>
array(0) {
}
[2]=>
array(1) {
["%0MyArrayObject%0unused"]=>
int(123)
}
[3]=>
NULL
}
array(3) {
[0]=>
int(0)
[1]=>
array(0) {
}
[2]=>
array(1) {
["%0MySplDoublyLinkedList%0unused"]=>
int(123)
}
}
array(2) {
[0]=>
array(0) {
}
[1]=>
array(1) {
["%0MySplObjectStorage%0unused"]=>
int(123)
}
}
Did this file decode correctly?
Original Code
--TEST--
Serialization of properties should not deal INDIRECT entries to userland
--FILE--
<?php
class MyArrayObject extends ArrayObject {
private $unused = 123;
public function __construct(array $array)
{
parent::__construct($array, 1);
}
}
class MySplDoublyLinkedList extends SplDoublyLinkedList {
private $unused = 123;
}
class MySplObjectStorage extends SplObjectStorage {
private $unused = 123;
}
$x = new MyArrayObject([]);
var_dump($x->__serialize());
$x = new MySplDoublyLinkedList();
var_dump($x->__serialize());
$x = new MySplObjectStorage();
var_dump($x->__serialize());
?>
--EXPECTF--
array(4) {
[0]=>
int(1)
[1]=>
array(0) {
}
[2]=>
array(1) {
["%0MyArrayObject%0unused"]=>
int(123)
}
[3]=>
NULL
}
array(3) {
[0]=>
int(0)
[1]=>
array(0) {
}
[2]=>
array(1) {
["%0MySplDoublyLinkedList%0unused"]=>
int(123)
}
}
array(2) {
[0]=>
array(0) {
}
[1]=>
array(1) {
["%0MySplObjectStorage%0unused"]=>
int(123)
}
}
Function Calls
None |
Stats
MD5 | 7c06ff8f2b011cea97bb9e09c54fee49 |
Eval Count | 0 |
Decode Time | 87 ms |