Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
--TEST-- Bug #72785: allowed_classes only applies to outermost unserialize() --FILE-- <?ph..
Decoded Output download
--TEST--
Bug #72785: allowed_classes only applies to outermost unserialize()
--FILE--
<?php
// Forbidden class
class A {}
$p = 'x:i:0;a:1:{i:0;O:1:"A":0:{}};m:a:0:{}';
$s = 'C:11:"ArrayObject":' . strlen($p) . ':{' . $p . '}';
var_dump(unserialize($s, ['allowed_classes' => ['ArrayObject']]));
?>
--EXPECT--
object(ArrayObject)#1 (1) {
["storage":"ArrayObject":private]=>
array(1) {
[0]=>
object(__PHP_Incomplete_Class)#2 (1) {
["__PHP_Incomplete_Class_Name"]=>
string(1) "A"
}
}
}
Did this file decode correctly?
Original Code
--TEST--
Bug #72785: allowed_classes only applies to outermost unserialize()
--FILE--
<?php
// Forbidden class
class A {}
$p = 'x:i:0;a:1:{i:0;O:1:"A":0:{}};m:a:0:{}';
$s = 'C:11:"ArrayObject":' . strlen($p) . ':{' . $p . '}';
var_dump(unserialize($s, ['allowed_classes' => ['ArrayObject']]));
?>
--EXPECT--
object(ArrayObject)#1 (1) {
["storage":"ArrayObject":private]=>
array(1) {
[0]=>
object(__PHP_Incomplete_Class)#2 (1) {
["__PHP_Incomplete_Class_Name"]=>
string(1) "A"
}
}
}
Function Calls
None |
Stats
MD5 | cbef879fa5a89a2d019a3197a730d7a8 |
Eval Count | 0 |
Decode Time | 103 ms |