mirror of
https://github.com/php/php-src.git
synced 2026-04-22 23:48:14 +02:00
858d0c0916
The deprecation message was originally introduced in 3e6b447 (#6494).
I first encountered this notice when testing the MongoDB extension
with PHP 8.1, which produced many duplicate messages that provided
no detail about the particular class that needed to be fixed.
Closes GH-7346.
--TEST--
Bug #72663: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
--FILE--
<?php
/**
 * Carrier class for the bug #72663 regression test.
 *
 * It implements the legacy Serializable interface, so a C:3:"obj" record in a
 * serialized stream makes the engine hand the embedded bytes to
 * obj::unserialize(), which in turn runs a nested unserialize() on them.
 *
 * Test fixture only: feeding payload-controlled bytes to unserialize() is the
 * behaviour being exercised here. Application code that must decode external
 * data should restrict it (the allowed_classes option) or use a data-only
 * format such as JSON.
 */
class obj implements Serializable {
    /** Arbitrary value that is round-tripped through the native serializer. */
    public $data;

    /**
     * Legacy Serializable hook: returns the native serialization of $data.
     */
    public function serialize() {
        $payload = $this->data;

        return serialize($payload);
    }

    /**
     * Legacy Serializable hook: decodes the embedded bytes with a nested
     * unserialize() call and stores whatever it yields (false on failure).
     *
     * @param string $data Bytes taken from the body of the C: record.
     */
    public function unserialize($data) {
        $decoded = unserialize($data);
        $this->data = $decoded;
    }
}
// Inner payload (50 bytes): a one-element array whose element is an Exception
// object header announcing two properties, but only the protected "file"
// property ("\0*\0file") follows before the closing brace, so decoding it
// stops part-way (see "Error at offset 49 of 50 bytes" in --EXPECTF--).
$inner = 'a:1:{i:0;O:9:"Exception":2:{s:7:"'."\0".'*'."\0".'file";s:0:"";}';

// Outer payload: element 0 is a custom-serialized (C:) "obj" record whose body
// is $inner, which routes it through obj::unserialize() and a nested
// unserialize(); element 1 is a back-reference (R:4) into the value table.
// NOTE(review): slot 4 is presumably the half-built Exception left over from
// the failed inner parse, i.e. the "unexpected object" of the bug title;
// confirm against the bug report.
$exploit = 'a:2:{i:0;C:3:"obj":'.strlen($inner).':{'.$inner.'}i:1;R:4;}';

// Per --EXPECTF--, the fixed engine emits notices and rejects the whole
// payload, so this prints bool(false) instead of dumping an object graph.
var_dump(unserialize($exploit));
?>
DONE
--EXPECTF--
Deprecated: %s implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in %s on line %d
Notice: unserialize(): Unexpected end of serialized data in %sbug72663.php on line %d
Notice: unserialize(): Error at offset 49 of 50 bytes in %sbug72663.php on line %d
Notice: unserialize(): Error at offset 82 of 83 bytes in %sbug72663.php on line %d
bool(false)
DONE