1--TEST--
2Bug #67072 Echoing unserialized "SplFileObject" crash - BC break fixes
3--FILE--
4<?php
5class MySplFileObject extends SplFileObject {}
6class MyArrayObject extends ArrayObject{ var $a = 1; }
7echo unserialize('O:15:"MySplFileObject":1:{s:9:"*filename";s:15:"/home/flag/flag";}');
8
9function testClass($className)
10{
11    // simulate phpunit
12    $object = unserialize(sprintf('O:%d:"%s":0:{}', strlen($className), $className));
13    return $object;
14}
15
16class MyClass {}
17class MyClassSer implements Serializable {
18        function serialize() { return "";}
19        function unserialize($data) { }
20}
21class MyClassSer2 extends MyClassSer {
22}
23
24$classes = array('stdClass', 'MyClass', 'MyClassSer', 'MyClassSer2', 'SplFileObject', 'MySplFileObject',
25                 'SplObjectStorage', 'FooBar', 'Closure', 'ArrayObject', 'MyArrayObject',
26                 'Directory'
27             );
28foreach($classes as $cl) {
29        var_dump(testClass($cl));
30}
31
32?>
33===DONE==
34--EXPECTF--
35Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 4
36
37Notice: unserialize(): Error at offset 26 of 66 bytes in %s on line 4
38object(stdClass)#%d (0) {
39}
40object(MyClass)#%d (0) {
41}
42object(MyClassSer)#%d (0) {
43}
44object(MyClassSer2)#%d (0) {
45}
46
47Warning: Erroneous data format for unserializing 'SplFileObject' in %s on line 9
48
49Notice: unserialize(): Error at offset 24 of 25 bytes in %s on line 9
50bool(false)
51
52Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 9
53
54Notice: unserialize(): Error at offset 26 of 27 bytes in %s on line 9
55bool(false)
56object(SplObjectStorage)#%d (1) {
57  ["storage":"SplObjectStorage":private]=>
58  array(0) {
59  }
60}
61object(__PHP_Incomplete_Class)#%d (1) {
62  ["__PHP_Incomplete_Class_Name"]=>
63  string(6) "FooBar"
64}
65
66Warning: Erroneous data format for unserializing 'Closure' in %s on line 9
67
68Notice: unserialize(): Error at offset 17 of 18 bytes in %s on line 9
69bool(false)
70object(ArrayObject)#%d (1) {
71  ["storage":"ArrayObject":private]=>
72  array(0) {
73  }
74}
75object(MyArrayObject)#1 (2) {
76  ["a"]=>
77  int(1)
78  ["storage":"ArrayObject":private]=>
79  array(0) {
80  }
81}
82object(Directory)#1 (0) {
83}
84===DONE==
85