|
| 1 | +--TEST-- |
| 2 | +Bug #67072 Echoing unserialized "SplFileObject" crash - BC break fixes |
| 3 | +--FILE-- |
| 4 | +<?php |
| 5 | +class MySplFileObject extends SplFileObject {} |
| 6 | +class MyArrayObject extends ArrayObject{ var $a = 1; } |
| 7 | +echo unserialize('O:15:"MySplFileObject":1:{s:9:"*filename";s:15:"/home/flag/flag";}'); |
| 8 | + |
| 9 | +function testClass($className) |
| 10 | +{ |
| 11 | + // simulate phpunit |
| 12 | + $object = unserialize(sprintf('O:%d:"%s":0:{}', strlen($className), $className)); |
| 13 | + return $object; |
| 14 | +} |
| 15 | + |
| 16 | +class MyClass {} |
| 17 | +class MyClassSer implements Serializable { |
| 18 | + function serialize() { return "";} |
| 19 | + function unserialize($data) { } |
| 20 | +} |
| 21 | +class MyClassSer2 extends MyClassSer { |
| 22 | +} |
| 23 | + |
| 24 | +$classes = array('stdClass', 'MyClass', 'MyClassSer', 'MyClassSer2', 'SplFileObject', 'MySplFileObject', |
| 25 | + 'SplObjectStorage', 'FooBar', 'Closure', 'ArrayObject', 'MyArrayObject', |
| 26 | + 'Directory' |
| 27 | + ); |
| 28 | +foreach($classes as $cl) { |
| 29 | + var_dump(testClass($cl)); |
| 30 | +} |
| 31 | + |
| 32 | +?> |
| 33 | +===DONE== |
| 34 | +--EXPECTF-- |
| 35 | +Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 4 |
| 36 | + |
| 37 | +Notice: unserialize(): Error at offset 26 of 66 bytes in %s on line 4 |
| 38 | +object(stdClass)#%d (0) { |
| 39 | +} |
| 40 | +object(MyClass)#%d (0) { |
| 41 | +} |
| 42 | +object(MyClassSer)#%d (0) { |
| 43 | +} |
| 44 | +object(MyClassSer2)#%d (0) { |
| 45 | +} |
| 46 | + |
| 47 | +Warning: Erroneous data format for unserializing 'SplFileObject' in %s on line 9 |
| 48 | + |
| 49 | +Notice: unserialize(): Error at offset 24 of 25 bytes in %s on line 9 |
| 50 | +bool(false) |
| 51 | + |
| 52 | +Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 9 |
| 53 | + |
| 54 | +Notice: unserialize(): Error at offset 26 of 27 bytes in %s on line 9 |
| 55 | +bool(false) |
| 56 | +object(SplObjectStorage)#%d (1) { |
| 57 | + ["storage":"SplObjectStorage":private]=> |
| 58 | + array(0) { |
| 59 | + } |
| 60 | +} |
| 61 | +object(__PHP_Incomplete_Class)#%d (1) { |
| 62 | + ["__PHP_Incomplete_Class_Name"]=> |
| 63 | + string(6) "FooBar" |
| 64 | +} |
| 65 | + |
| 66 | +Warning: Erroneous data format for unserializing 'Closure' in %s on line 9 |
| 67 | + |
| 68 | +Notice: unserialize(): Error at offset 17 of 18 bytes in %s on line 9 |
| 69 | +bool(false) |
| 70 | +object(ArrayObject)#%d (1) { |
| 71 | + ["storage":"ArrayObject":private]=> |
| 72 | + array(0) { |
| 73 | + } |
| 74 | +} |
| 75 | +object(MyArrayObject)#1 (2) { |
| 76 | + ["a"]=> |
| 77 | + int(1) |
| 78 | + ["storage":"ArrayObject":private]=> |
| 79 | + array(0) { |
| 80 | + } |
| 81 | +} |
| 82 | +object(Directory)#1 (0) { |
| 83 | +} |
| 84 | +===DONE== |
0 commit comments