--TEST--
Test unserialize() with extra data at the end of a valid value with Serializable
--FILE--
<?php

final class Foo implements Serializable {
    public $foo;

    public function unserialize(string $foo)
    {
        // Nested call: receives the inner payload, including its trailing bytes.
        $this->foo = unserialize($foo);
    }

    public function serialize(): string
    {
        // Deliberately append extra bytes after the valid inner value.
        return serialize($this->foo) . 'garbage';
    }
}

$f = new Foo;
$f->foo = ['a', 'b', 'c'];

// Extra bytes after the outer value as well, so both levels emit a warning.
var_dump(unserialize(serialize($f) . 'garbage'));

?>
--EXPECTF--
Deprecated: Foo implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in %s on line %d

Warning: unserialize(): Extra data starting at offset 42 of 49 bytes in %s on line %d

Warning: unserialize(): Extra data starting at offset 64 of 71 bytes in %s on line %d
object(Foo)#2 (1) {
  ["foo"]=>
  array(3) {
    [0]=>
    string(1) "a"
    [1]=>
    string(1) "b"
    [2]=>
    string(1) "c"
  }
}