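--TEST--
Test unserialize(): error is indistinguishable from deserialized boolean
--FILE--
<?php
/* Prototype : proto string serialize(mixed variable)
 * Description: Returns a string representation of variable (which can later be unserialized)
 * Source code: ext/standard/var.c
 * Alias to functions:
 */
/* Prototype : proto mixed unserialize(string variable_representation)
 * Description: Takes a string representation of variable and recreates it
 * Source code: ext/standard/var.c
 * Alias to functions:
 */

echo "*** Testing unserialize() error/boolean distinction ***\n";

$garbage = "obvious non-serialized data";
$serialized_false = serialize(false);

var_dump($serialized_false);

$deserialized_garbage = unserialize($garbage);
var_dump($deserialized_garbage);

$deserialized_false = unserialize($serialized_false);
var_dump($deserialized_false);

// Both results are bool(false): a parse error and a genuine serialized false
// cannot be told apart from the return value alone.  Strict comparison is
// enough here because both operands are the same type.
echo "unserialize error and deserialized false are identical? " . (bool) ($deserialized_false === $deserialized_garbage) . "\n";

// candidate safe idiom for determining whether data is serialized
//
// "safe" refers only to the false-vs-error ambiguity demonstrated above: the
// special case for serialize(false) ("b:0;") keeps a legitimate false from
// being reported as "not serialized".  It says nothing about the safety of
// the input itself.  unserialize() on untrusted data can instantiate
// arbitrary classes and trigger their __wakeup()/__destruct() methods (PHP
// object injection), and the @ operator only hides the notice, it does not
// stop that.  Callers probing untrusted strings must pass
// ['allowed_classes' => false] (PHP >= 7.0) or use a data format such as
// JSON instead; that is deliberately not done here so the idiom under test
// and the EXPECTF line numbers stay unchanged.
//
// Strict comparison is used so that a non-string argument can never loosely
// equal "b:0;" (on PHP < 8, 0 == "b:0;" is true, which would make
// isSerialized(0) return true).
function isSerialized($str) {
    return ($str === serialize(false) || @unserialize($str) !== false);
}

// Test unserialize error idiom
var_dump(isSerialized($garbage));
var_dump(isSerialized($serialized_false));

echo "Done";
?>
--EXPECTF--
*** Testing unserialize() error/boolean distinction ***
string(4) "b:0;"

Notice: unserialize(): Error at offset 0 of 27 bytes in %s%eserialization_error_002.php on line 20
bool(false)
bool(false)
unserialize error and deserialized false are identical? 1
bool(false)
bool(true)
Done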