diff options
Diffstat (limited to 'ext/standard/tests/serialize/bug72785.phpt')
-rw-r--r-- | ext/standard/tests/serialize/bug72785.phpt | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/ext/standard/tests/serialize/bug72785.phpt b/ext/standard/tests/serialize/bug72785.phpt new file mode 100644 index 0000000000..8bcdf635f7 --- /dev/null +++ b/ext/standard/tests/serialize/bug72785.phpt @@ -0,0 +1,24 @@ +--TEST-- +Bug #72785: allowed_classes only applies to outermost unserialize() +--FILE-- +<?php + +// Forbidden class +class A {} + +$p = 'x:i:0;a:1:{i:0;O:1:"A":0:{}};m:a:0:{}'; +$s = 'C:11:"ArrayObject":' . strlen($p) . ':{' . $p . '}'; +var_dump(unserialize($s, ['allowed_classes' => ['ArrayObject']])); + +?> +--EXPECT-- +object(ArrayObject)#1 (1) { + ["storage":"ArrayObject":private]=> + array(1) { + [0]=> + object(__PHP_Incomplete_Class)#2 (1) { + ["__PHP_Incomplete_Class_Name"]=> + string(1) "A" + } + } +} |