PHP VERSION: 8.2.18
filtered_unserialize.php
<?php
// filtered unserialize
include __DIR__ . '/foo_bar_baz.php';
// all OK
var_dump(unserialize($serialized['foo']));
// __PHP__Incomplete_Class
var_dump(unserialize($serialized['foo'], ['allowed_classes' => FALSE]));
// works OK
var_dump(unserialize($serialized['foo'], ['allowed_classes' => ['Foo','Bar']]));
// error
var_dump(unserialize($serialized['baz'], ['allowed_classes' => ['Foo','Bar']]));
Output
object(Foo)#4 (1) {
["foo"]=>
string(3) "FOO"
}
object(__PHP_Incomplete_Class)#4 (2) {
["__PHP_Incomplete_Class_Name"]=>
string(3) "Foo"
["foo"]=>
string(3) "FOO"
}
object(Foo)#4 (1) {
["foo"]=>
string(3) "FOO"
}
object(__PHP_Incomplete_Class)#4 (2) {
["__PHP_Incomplete_Class_Name"]=>
string(3) "Baz"
["baz"]=>
string(3) "BAZ"
}
SOURCE CODE