The object hash is not particularly useful (anymore) and just clutters the output. It encodes the same information as the object ID, which is already part of the output.
--TEST--
SPL: Test that serialized blob contains unique elements (CVE-2010-2225)
--FILE--
<?php

// Regression inputs for CVE-2010-2225. Each string is a hand-built
// SplObjectStorage payload ("x:" element list, then "m:" member data) that
// the unserializer must either reject or normalise so that every stored
// element is a unique object.
$malformedPayloads = [
    // Element keys are integers, not objects: rejected at offset 6.
    'x:i:2;i:0;,i:1;;i:0;,i:2;;m:a:0:{}',
    // Second element key is a PHP reference (R:2) rather than an object:
    // rejected at offset 46.
    'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};R:2;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}',
    // Same layout using object back-references (r:2). This one parses, but
    // the repeated object must be stored once: the expected dump holds two
    // entries although the payload declares three.
    'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};r:2;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}',
    // Member section carries a 40-byte string where the other payloads carry
    // an array: rejected at the end of the input (offset 78 of 78).
    'x:i:1;O:8:"stdClass":0:{},N;;m:s:40:"1234567890123456789012345678901234567890"',
];

// Keep the statement order as is: the object handles (#1, #2, #3) in the
// expected var_dump() output depend on when each storage and exception
// object is created and released across iterations.
foreach ($malformedPayloads as $payload) {
    try {
        $storage = new SplObjectStorage();
        $storage->unserialize($payload);
        var_dump($storage);
    } catch (UnexpectedValueException $failure) {
        // A rejected payload surfaces as UnexpectedValueException; only its
        // message (offset and total length) is part of the expected output.
        echo $failure->getMessage(), "\n";
    }
}

echo "DONE\n";
?>
--EXPECT--
Error at offset 6 of 34 bytes
Error at offset 46 of 89 bytes
object(SplObjectStorage)#2 (1) {
  ["storage":"SplObjectStorage":private]=>
  array(2) {
    [0]=>
    array(2) {
      ["obj"]=>
      object(stdClass)#3 (0) {
      }
      ["inf"]=>
      int(1)
    }
    [1]=>
    array(2) {
      ["obj"]=>
      object(stdClass)#1 (0) {
      }
      ["inf"]=>
      object(stdClass)#3 (0) {
      }
    }
  }
}
Error at offset 78 of 78 bytes
DONE