1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
--TEST--
__serialize() freed on unserialize exception without calling destructor.
--SKIPIF--
<?php if (PHP_VERSION_ID < 70400) { echo "skip __serialize/__unserialize not supported in php < 7.4 for compatibility with serialize()"; } ?>
--FILE--
<?php
class Test {
public $prop;
public $prop2;
public function __serialize() {
return [0 => $this->prop, "value" => $this->prop2];
}
public function __unserialize(array $data) {
echo "In __unserialize Test\n";
$this->prop = $data[0];
$this->prop2 = $data['value'];
unset($data[0]);
unset($data['value']);
}
public function __destruct() {
echo "In __destruct Test\n";
}
}
$obj = new stdClass();
$testObj = new Test();
$testObj->prop = 123;
$testObj->prop2 = ['xyz'];
$obj->test = 'bar';
$obj->value = &$testObj;
var_dump(bin2hex($s = igbinary_serialize($obj)));
var_dump(igbinary_unserialize($s));
echo "Done\n";
?>
--EXPECT--
string(116) "000000021708737464436c61737314021104746573741103626172110576616c75652517045465737414020600067b0e0314010600110378797a"
In __unserialize Test
object(stdClass)#3 (2) {
["test"]=>
string(3) "bar"
["value"]=>
object(Test)#4 (2) {
["prop"]=>
int(123)
["prop2"]=>
array(1) {
[0]=>
string(3) "xyz"
}
}
}
In __destruct Test
Done
In __destruct Test
|
