authorSara Golemon <sgolemon@fb.com>2015-10-06 11:59:43 -0700
committerSara Golemon <sgolemon@fb.com>2015-10-06 12:04:11 -0700
commita2082b7c978bdafc5df2995c53ca00881377d4f0 (patch)
treeaa1ad7970b1b779d062787256ad3f6773d52c7eb
parentfb2c890c2c270f40c886b0123586e4cd10153251 (diff)
Add some tests for unserialize() class filtering
-rw-r--r--ext/standard/tests/serialize/unserialize_error_001.phpt52
-rw-r--r--ext/standard/tests/serialize/unserialize_subclasses.phpt29
2 files changed, 81 insertions, 0 deletions
diff --git a/ext/standard/tests/serialize/unserialize_error_001.phpt b/ext/standard/tests/serialize/unserialize_error_001.phpt
new file mode 100644
index 0000000000..5589cbd835
--- /dev/null
+++ b/ext/standard/tests/serialize/unserialize_error_001.phpt
@@ -0,0 +1,52 @@
+--TEST--
+Test unserialize() with non-bool/array allowed_classes
+--FILE--
+<?php
+class foo {
+ public $x = "bar";
+}
+$z = array(new foo(), 2, "3");
+$s = serialize($z);
+
+var_dump(unserialize($s, ["allowed_classes" => null]));
+var_dump(unserialize($s, ["allowed_classes" => 0]));
+var_dump(unserialize($s, ["allowed_classes" => 1]));
+
+--EXPECTF--
+array(3) {
+ [0]=>
+ object(__PHP_Incomplete_Class)#%d (2) {
+ ["__PHP_Incomplete_Class_Name"]=>
+ string(3) "foo"
+ ["x"]=>
+ string(3) "bar"
+ }
+ [1]=>
+ int(2)
+ [2]=>
+ string(1) "3"
+}
+array(3) {
+ [0]=>
+ object(__PHP_Incomplete_Class)#%d (2) {
+ ["__PHP_Incomplete_Class_Name"]=>
+ string(3) "foo"
+ ["x"]=>
+ string(3) "bar"
+ }
+ [1]=>
+ int(2)
+ [2]=>
+ string(1) "3"
+}
+array(3) {
+ [0]=>
+ object(foo)#%d (1) {
+ ["x"]=>
+ string(3) "bar"
+ }
+ [1]=>
+ int(2)
+ [2]=>
+ string(1) "3"
+}
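Review bot: The third call pins that a truthy non-bool value (`"allowed_classes" => 1`) restores `foo` exactly as `true` would, so a malformed option fails open, and nothing in the file says this is intended. The `null` and `0` cases fail closed to `__PHP_Incomplete_Class`, which is the safe direction. The mistake a caller is most likely to make, passing a single class name as a string instead of an array, is not covered; judging from the `1` case it presumably also allows every class. Consider adding `var_dump(unserialize($s, ["allowed_classes" => "stdClass"]));` with its expected output, and a comment above the calls such as `// non-bool, non-array values are coerced by truthiness; truthy means every class is allowed`. The file name says "error", yet no warning or failure is expected for any of these inputs.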
diff --git a/ext/standard/tests/serialize/unserialize_subclasses.phpt b/ext/standard/tests/serialize/unserialize_subclasses.phpt
new file mode 100644
index 0000000000..1f2384f72b
--- /dev/null
+++ b/ext/standard/tests/serialize/unserialize_subclasses.phpt
@@ -0,0 +1,29 @@
+--TEST--
+Test unserialize() with allowed_classes and subclasses
+--FILE--
+<?php
+
+class C {}
+class D extends C {}
+
+$c = serialize(new C);
+$d = serialize(new D);
+
+var_dump(unserialize($c, ["allowed_classes" => ["C"]]));
+var_dump(unserialize($c, ["allowed_classes" => ["D"]]));
+var_dump(unserialize($d, ["allowed_classes" => ["C"]]));
+var_dump(unserialize($d, ["allowed_classes" => ["D"]]));
+
+--EXPECTF--
+object(C)#%d (0) {
+}
+object(__PHP_Incomplete_Class)#%d (1) {
+ ["__PHP_Incomplete_Class_Name"]=>
+ string(1) "C"
+}
+object(__PHP_Incomplete_Class)#%d (1) {
+ ["__PHP_Incomplete_Class_Name"]=>
+ string(1) "D"
+}
+object(D)#%d (0) {
+}
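Review bot: Each payload here holds a single object, so no case covers a payload that mixes an allowed class with a filtered one, which is the situation an allow-list exists for. The four calls do establish that matching is by exact class name (an entry for `C` does not admit `D`, nor the reverse), but only the expected output says so. Consider adding `$m = serialize([new C, new D]);` and `var_dump(unserialize($m, ["allowed_classes" => ["C"]]));`, expecting `object(C)` followed by a `__PHP_Incomplete_Class` named `D`. A comment before the calls such as `// allowed_classes matches exact class names; inheritance is not considered` would make the intent explicit.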