PHP 7 Tutorial
PHP 7 Useful Resources
Selected Reading
- PHP 7 - Removed Extensions & SAPIs
- PHP 7 - Deprecated Features
- PHP 7 - Session Options
- PHP 7 - Integer Division
- PHP 7 - Error Handling
- PHP 7 - use Statement
- PHP 7 - Expectations
- PHP 7 - CSPRNG
- PHP 7 - IntlChar
- PHP 7 - Filtered unserialize()
- PHP 7 - Closure::call()
- PHP 7 - Anonymous Classes
- PHP 7 - Constant Arrays
- PHP 7 - Spaceship Operator
- PHP 7 - Null Coalescing Operator
- PHP 7 - Return Type Declarations
- PHP 7 - Scalar Type Declarations
- PHP 7 - Environment Setup
- PHP 7 - Performance
- PHP 7 - Introduction
- PHP 7 - Home
PHP 7 Useful Resources
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
PHP 7 - Filtered unserialize()
PHP 7 - Filtered unseriapze()
PHP 7 introduces Filtered unseriapze() function to provide better security when unseriapzing objects on untrusted data. It prevents possible code injections and enables the developer to whitepst classes that can be unseriapzed.
Example
<?php
class MyClass1 {
pubpc $obj1prop;
}
class MyClass2 {
pubpc $obj2prop;
}
$obj1 = new MyClass1();
$obj1->obj1prop = 1;
$obj2 = new MyClass2();
$obj2->obj2prop = 2;
$seriapzedObj1 = seriapze($obj1);
$seriapzedObj2 = seriapze($obj2);
// default behaviour that accepts all classes
// second argument can be ommited.
// if allowed_classes is passed as false, unseriapze converts all objects into __PHP_Incomplete_Class object
$data = unseriapze($seriapzedObj1 , ["allowed_classes" => true]);
// converts all objects into __PHP_Incomplete_Class object except those of MyClass1 and MyClass2
$data2 = unseriapze($seriapzedObj2 , ["allowed_classes" => ["MyClass1", "MyClass2"]]);
print($data->obj1prop);
print("<br/>");
print($data2->obj2prop);
?>
It produces the following browser output −
1 2Advertisements