1--TEST-- 2Bug #73367: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization 3--FILE-- 4<?php 5 6class obj { 7 var $ryat; 8 function __wakeup() { 9 $this->ryat = null; 10 echo "wakeup\n"; 11 throw new Exception("Not a serializable object"); 12 } 13 function __destruct() { 14 echo "dtor\n"; 15 if ($this->ryat == 1) { 16 echo "dtor ryat==1\n"; 17 } 18 } 19} 20 21$poc = 'O:3:"obj":2:{s:4:"ryat";i:1;i:0;O:3:"obj":1:{s:4:"ryat";R:1;}}'; 22try { 23 unserialize($poc); 24} catch (Exception $e) { 25 echo $e->getMessage(), "\n"; 26} 27 28?> 29--EXPECT-- 30wakeup 31Not a serializable object 32