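--TEST--
Test unserialize(): error is indistinguishable from deserialized boolean
--FILE--
<?php

declare(strict_types=1);

echo "*** Testing unserialize() error/boolean distinction ***\n";

// unserialize() reports a parse error by returning false, which is also the
// legitimate result of unserializing serialize(false): the two cases cannot be
// told apart from the return value alone.
$garbage = "obvious non-serialized data";
$serialized_false = serialize(false);

var_dump($serialized_false);

// Error case: emits a notice and returns false.
$deserialized_garbage = unserialize($garbage);
var_dump($deserialized_garbage);

// Legitimate case: returns false with no notice.
$deserialized_false = unserialize($serialized_false);
var_dump($deserialized_false);

// Strict comparison on purpose: the question is whether the two results are
// identical, not merely loosely equal.
echo "unserialize error and deserialized false are identical? " . (bool) ($deserialized_false === $deserialized_garbage) . "\n";

/**
 * Candidate safe idiom for determining whether $str holds serialized data.
 *
 * The serialized-false form is matched explicitly (and strictly, so a non-string
 * such as 0 is never loosely equal to "b:0;") because unserialize() returns
 * false for it as well as for malformed input; every other successful
 * unserialize yields a non-false value, including an object restored as
 * __PHP_Incomplete_Class. Class instantiation is disabled so that probing an
 * arbitrary string never constructs objects as a side effect of the check.
 * The error notice is suppressed because it is the expected outcome for
 * non-serialized input and must not appear in the test output below.
 *
 * @param mixed $str data to probe
 */
function isSerialized($str): bool
{
    return $str === serialize(false)
        || @unserialize($str, ['allowed_classes' => false]) !== false;
}

// Test unserialize error idiom
var_dump(isSerialized($garbage));
var_dump(isSerialized($serialized_false));

echo "Done";
?>
--EXPECTF--
*** Testing unserialize() error/boolean distinction ***
string(4) "b:0;"

Notice: unserialize(): Error at offset 0 of 27 bytes in %s on line %d
bool(false)
bool(false)
unserialize error and deserialized false are identical? 1
bool(false)
bool(true)
Done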