--TEST--
Test unserialize() with allowed_classes and subclasses
--FILE--
<?php

class C {}
class D extends C {}

// One serialized payload per class: the parent (C) and its subclass (D).
$parentPayload = serialize(new C());
$childPayload = serialize(new D());

// Two single-entry allow-lists. As the expected output below shows, an entry
// admits only a payload whose recorded class name is that exact name; the
// C/D inheritance relationship does not widen the list in either direction.
$onlyC = ['allowed_classes' => ['C']];
$onlyD = ['allowed_classes' => ['D']];

// C payload, C allowed: restored as a real C instance.
var_dump(unserialize($parentPayload, $onlyC));

// C payload, only D allowed: allowing the subclass does not allow its parent,
// so the result is a __PHP_Incomplete_Class placeholder recording the name "C".
var_dump(unserialize($parentPayload, $onlyD));

// D payload, only C allowed: allowing a base class does not admit its
// subclasses, so D also comes back as __PHP_Incomplete_Class.
var_dump(unserialize($childPayload, $onlyC));

// D payload, D allowed: restored as a real D instance.
var_dump(unserialize($childPayload, $onlyD));
--EXPECTF--
object(C)#%d (0) {
}
object(__PHP_Incomplete_Class)#%d (1) {
  ["__PHP_Incomplete_Class_Name"]=>
  string(1) "C"
}
object(__PHP_Incomplete_Class)#%d (1) {
  ["__PHP_Incomplete_Class_Name"]=>
  string(1) "D"
}
object(D)#%d (0) {
}