--- /dev/null
+--TEST--
+Test unserialize() with non-bool/array allowed_classes
+--FILE--
+<?php
+class foo {
+ public $x = "bar";
+}
+$z = array(new foo(), 2, "3");
+$s = serialize($z);
+
+var_dump(unserialize($s, ["allowed_classes" => null]));
+var_dump(unserialize($s, ["allowed_classes" => 0]));
+var_dump(unserialize($s, ["allowed_classes" => 1]));
+
+--EXPECTF--
+array(3) {
+ [0]=>
+ object(__PHP_Incomplete_Class)#%d (2) {
+ ["__PHP_Incomplete_Class_Name"]=>
+ string(3) "foo"
+ ["x"]=>
+ string(3) "bar"
+ }
+ [1]=>
+ int(2)
+ [2]=>
+ string(1) "3"
+}
+array(3) {
+ [0]=>
+ object(__PHP_Incomplete_Class)#%d (2) {
+ ["__PHP_Incomplete_Class_Name"]=>
+ string(3) "foo"
+ ["x"]=>
+ string(3) "bar"
+ }
+ [1]=>
+ int(2)
+ [2]=>
+ string(1) "3"
+}
+array(3) {
+ [0]=>
+ object(foo)#%d (1) {
+ ["x"]=>
+ string(3) "bar"
+ }
+ [1]=>
+ int(2)
+ [2]=>
+ string(1) "3"
+}
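Review bot: The third case pins the fail-open side of the coercion (`"allowed_classes" => 1` restores a real `foo` object), but the file never states that this is intended. It also leaves out the most likely caller mistake, a bare class-name string passed instead of an array. I would add `var_dump(unserialize($s, ["allowed_classes" => "foo"]));` with its expected output, so the test records whether a string restricts to that class or is treated as truthy and admits every class. A short comment above the three calls, such as `// non-bool, non-array values are coerced to bool: falsy blocks every class, truthy allows every class`, would make the contract that the expected output implies explicit for anyone using this option to filter untrusted input.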
--- /dev/null
+--TEST--
+Test unserialize() with allowed_classes and subclasses
+--FILE--
+<?php
+
+class C {}
+class D extends C {}
+
+$c = serialize(new C);
+$d = serialize(new D);
+
+var_dump(unserialize($c, ["allowed_classes" => ["C"]]));
+var_dump(unserialize($c, ["allowed_classes" => ["D"]]));
+var_dump(unserialize($d, ["allowed_classes" => ["C"]]));
+var_dump(unserialize($d, ["allowed_classes" => ["D"]]));
+
+--EXPECTF--
+object(C)#%d (0) {
+}
+object(__PHP_Incomplete_Class)#%d (1) {
+ ["__PHP_Incomplete_Class_Name"]=>
+ string(1) "C"
+}
+object(__PHP_Incomplete_Class)#%d (1) {
+ ["__PHP_Incomplete_Class_Name"]=>
+ string(1) "D"
+}
+object(D)#%d (0) {
+}
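Review bot: The expected output shows that the allow-list is matched on the exact serialized class name (allowing `C` leaves a serialized `D` as `__PHP_Incomplete_Class`, and the reverse), but the test body carries no comment saying so. Callers depend on this property when they allow-list a base class, so I would add above the four calls `// allowed_classes matches the serialized class name only; inheritance is not considered in either direction`. The file also has no case for a name given in different case, e.g. `var_dump(unserialize($c, ["allowed_classes" => ["c"]]));`. Because PHP class names are case-insensitive, such a case would pin how the list compares names.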