diff options
author | Stanislav Malyshev <stas@php.net> | 2016-09-05 19:56:36 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2016-09-05 19:56:36 -0700 |
commit | 747d21cfd2a7414b8d5ace203524f61eab2b8323 (patch) | |
tree | 95f5dd2695455e6a6f4bf794c33a37bc635da5c4 /ext/standard/tests/serialize/bug72785.phpt | |
parent | 1928cdcacb3284658682d0cd68ac1ee3cf9cc653 (diff) | |
download | php-git-747d21cfd2a7414b8d5ace203524f61eab2b8323.tar.gz |
Fix bug #72785 - allowed_classes only applies to outermost unserialize()
Diffstat (limited to 'ext/standard/tests/serialize/bug72785.phpt')
-rw-r--r-- | ext/standard/tests/serialize/bug72785.phpt | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/ext/standard/tests/serialize/bug72785.phpt b/ext/standard/tests/serialize/bug72785.phpt new file mode 100644 index 0000000000..8bcdf635f7 --- /dev/null +++ b/ext/standard/tests/serialize/bug72785.phpt @@ -0,0 +1,24 @@ +--TEST-- +Bug #72785: allowed_classes only applies to outermost unserialize() +--FILE-- +<?php + +// Forbidden class +class A {} + +$p = 'x:i:0;a:1:{i:0;O:1:"A":0:{}};m:a:0:{}'; +$s = 'C:11:"ArrayObject":' . strlen($p) . ':{' . $p . '}'; +var_dump(unserialize($s, ['allowed_classes' => ['ArrayObject']])); + +?> +--EXPECT-- +object(ArrayObject)#1 (1) { + ["storage":"ArrayObject":private]=> + array(1) { + [0]=> + object(__PHP_Incomplete_Class)#2 (1) { + ["__PHP_Incomplete_Class_Name"]=> + string(1) "A" + } + } +} |