author | Yasuo Ohgaki <yohgaki@php.net> | 2013-11-20 07:23:54 +0900 |
---|---|---|
committer | Yasuo Ohgaki <yohgaki@php.net> | 2013-11-20 07:23:54 +0900 |
commit | b8b92bd790d519dcd86d6472f806ab9663d89086 (patch) | |
tree | 65773167ab5785fe207e22c33bc8ef9b552389f8 | |
parent | 72a8489a12ff803cf7fc03ed911f2d530a8e89c8 (diff) | |
parent | 0d558afc057e5e939d6cab325b2ddf2c170f0103 (diff) | |
download | php-git-b8b92bd790d519dcd86d6472f806ab9663d89086.tar.gz |
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
added a test to cover distinction between boolean return value of unserialize function and deserializing serialized boolean
-rw-r--r-- | ext/standard/tests/serialize/serialization_error_002.phpt | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/ext/standard/tests/serialize/serialization_error_002.phpt b/ext/standard/tests/serialize/serialization_error_002.phpt
new file mode 100644
index 0000000000..6b4f6e376b
--- /dev/null
+++ b/ext/standard/tests/serialize/serialization_error_002.phpt
@@ -0,0 +1,52 @@
+--TEST--
+Test unserialize(): error is indistinguishable from deserialized boolean
+--FILE--
+<?php
+/* Prototype : proto string serialize(mixed variable)
+ * Description: Returns a string representation of variable (which can later be unserialized)
+ * Source code: ext/standard/var.c
+ * Alias to functions:
+ */
+/* Prototype : proto mixed unserialize(string variable_representation)
+ * Description: Takes a string representation of variable and recreates it
+ * Source code: ext/standard/var.c
+ * Alias to functions:
+ */
+
+echo "*** Testing unserialize() error/boolean distinction ***\n";
+
+$garbage = "obvious non-serialized data";
+$serialized_false = serialize(false);
+
+var_dump($serialized_false);
+
+$deserialized_garbage = unserialize($garbage);
+var_dump($deserialized_garbage);
+
+$deserialized_false = unserialize($serialized_false);
+var_dump($deserialized_false);
+
+echo "unserialize error and deserialized false are identical? " . (bool) ($deserialized_false == $deserialized_garbage) . "\n";
+
+// candidate safe idiom for determining whether data is serialized
+function isSerialized($str) {
+ return ($str == serialize(false) || @unserialize($str) !== false);
+}
+
+// Test unserialize error idiom
+var_dump(isSerialized($garbage));
+var_dump(isSerialized($serialized_false));
+
+echo "Done";
+?>
+--EXPECTF--
+*** Testing unserialize() error/boolean distinction ***
+string(4) "b:0;"
+
+Notice: unserialize(): Error at offset 0 of 27 bytes in %s/serialization_error_002.php on line 20
+bool(false)
+bool(false)
+unserialize error and deserialized false are identical? 1
+bool(false)
+bool(true)
+Done |
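Review bot: The comment `// candidate safe idiom for determining whether data is serialized` above `isSerialized()` overstates what the helper guarantees: it only tells a serialized `false` apart from a parse failure, and it does so by actually calling `unserialize()` on the string. For data the caller does not control, that call can instantiate objects and run their `__wakeup()`/`__destruct()` handlers, so the idiom is not a safe pre-check for untrusted input. I would reword the comment in place to `// idiom for telling a parse error from a serialized false; still runs unserialize(), so only for trusted input`, which keeps the `on line 20` expectation in --EXPECTF-- valid because no line is added. As a smaller style point, `$str == serialize(false)` can be `$str === serialize(false)`, since the helper is meant to match the exact serialized string.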