1--TEST-- 2Bug #70213: Unserialize context shared on double class lookup 3--FILE-- 4<?php 5 6ini_set('unserialize_callback_func', 'evil'); 7 8function evil() { 9 spl_autoload_register(function ($arg) { 10 var_dump(unserialize('R:1;')); 11 }); 12} 13 14var_dump(unserialize('a:2:{i:0;i:42;i:1;O:4:"evil":0:{}}')); 15 16?> 17--EXPECTF-- 18Warning: unserialize(): Error at offset 4 of 4 bytes in %s on line %d 19bool(false) 20 21Warning: unserialize(): Function evil() hasn't defined the class it was called for in %s on line %d 22array(2) { 23 [0]=> 24 int(42) 25 [1]=> 26 object(__PHP_Incomplete_Class)#2 (1) { 27 ["__PHP_Incomplete_Class_Name"]=> 28 string(4) "evil" 29 } 30} 31