--TEST--
Test unserialize() with second parameter
--FILE--
<?php
// Exercises the "allowed_classes" option of unserialize(): one array holding
// an object, an int and a string is round-tripped under each setting, and the
// EXPECTF section pins whether element 0 comes back as a real foo instance or
// as __PHP_Incomplete_Class.
//
// Practitioner note: the option only limits which classes get instantiated.
// The PHP manual still advises against feeding untrusted input to
// unserialize() whatever allowed_classes is set to.
class foo {
    public $x = "bar";
}

$original = [new foo(), 2, "3"];
$serialized = serialize($original);

// No options argument: every class is accepted, so foo is rebuilt.
var_dump(unserialize($serialized));

$optionSets = [
    // false accepts no class: the object comes back as
    // __PHP_Incomplete_Class, keeping the original class name and property.
    ["allowed_classes" => false],
    // true accepts every class, same result as omitting the option.
    ["allowed_classes" => true],
    // An allow-list that does not name foo: foo is handled as a rejected class.
    ["allowed_classes" => ["bar"]],
    // Allow-list entries are matched case-insensitively ("FOO" admits foo).
    ["allowed_classes" => ["FOO"]],
    // One matching entry among several is enough ("foO" admits foo).
    ["allowed_classes" => ["bar", "foO"]],
];

foreach ($optionSets as $options) {
    var_dump(unserialize($serialized, $options));
}

--EXPECTF--
array(3) {
  [0]=>
  object(foo)#%d (1) {
    ["x"]=>
    string(3) "bar"
  }
  [1]=>
  int(2)
  [2]=>
  string(1) "3"
}
array(3) {
  [0]=>
  object(__PHP_Incomplete_Class)#%d (2) {
    ["__PHP_Incomplete_Class_Name"]=>
    string(3) "foo"
    ["x"]=>
    string(3) "bar"
  }
  [1]=>
  int(2)
  [2]=>
  string(1) "3"
}
array(3) {
  [0]=>
  object(foo)#%d (1) {
    ["x"]=>
    string(3) "bar"
  }
  [1]=>
  int(2)
  [2]=>
  string(1) "3"
}
array(3) {
  [0]=>
  object(__PHP_Incomplete_Class)#%d (2) {
    ["__PHP_Incomplete_Class_Name"]=>
    string(3) "foo"
    ["x"]=>
    string(3) "bar"
  }
  [1]=>
  int(2)
  [2]=>
  string(1) "3"
}
array(3) {
  [0]=>
  object(foo)#%d (1) {
    ["x"]=>
    string(3) "bar"
  }
  [1]=>
  int(2)
  [2]=>
  string(1) "3"
}
array(3) {
  [0]=>
  object(foo)#%d (1) {
    ["x"]=>
    string(3) "bar"
  }
  [1]=>
  int(2)
  [2]=>
  string(1) "3"
}