File: unserialize_extra_data_002.phpt

package info (click to toggle)
php8.4 8.4.11-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 208,108 kB
  • sloc: ansic: 1,060,628; php: 35,345; sh: 11,866; cpp: 7,201; pascal: 4,913; javascript: 3,091; asm: 2,810; yacc: 2,411; makefile: 689; xml: 446; python: 301; awk: 148
file content (42 lines) | stat: -rw-r--r-- 810 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
--TEST--
Test unserialize() with extra data at the end of a valid value with nested unserialize
--FILE--
<?php

final class Foo {
    public $foo;

    public function __unserialize(array $foo)
    {
        $this->foo = unserialize($foo['bar']);
    }

    public function __serialize(): array
    {
        return [
            'bar' => serialize($this->foo) . 'garbage',
        ];
    }
}

$f = new Foo;
$f->foo = ['a', 'b', 'c'];

var_dump(unserialize(serialize($f) . 'garbage'));

?>
--EXPECTF--
Warning: unserialize(): Extra data starting at offset 81 of 88 bytes in %s on line %d

Warning: unserialize(): Extra data starting at offset 42 of 49 bytes in %s on line %d
object(Foo)#2 (1) {
  ["foo"]=>
  array(3) {
    [0]=>
    string(1) "a"
    [1]=>
    string(1) "b"
    [2]=>
    string(1) "c"
  }
}