--TEST--
__serialize() mechanism (005): parent::__unserialize() is safe
--FILE--
<?php

/**
 * Base class whose whole serialized state is the private $data array.
 */
class A {
    private $data;

    /**
     * @param array $data Stored as-is in the private property.
     */
    public function __construct(array $data) {
        $this->data = $data;
    }

    /**
     * Serialization payload: the private array itself, with no wrapper.
     */
    public function __serialize() {
        return $this->data;
    }

    /**
     * Restores the private array from the payload. The `array` parameter
     * type is the only check applied to the incoming value.
     */
    public function __unserialize(array $data) {
        $this->data = $data;
    }
}

/**
 * Subclass with its own private array; it nests the parent's payload
 * inside its own instead of touching A::$data directly.
 */
class B extends A {
    private $data2;

    /**
     * @param array $data  Forwarded to A::__construct().
     * @param array $data2 Stored in B's own private property.
     */
    public function __construct(array $data, array $data2) {
        parent::__construct($data);
        $this->data2 = $data2;
    }

    /**
     * Payload layout: index 0 is B's own array, index 1 is the payload
     * produced by A::__serialize().
     */
    public function __serialize() {
        return [$this->data2, parent::__serialize()];
    }

    /**
     * Reverses __serialize(): splits the payload in the same order and
     * hands the second element to the parent.
     *
     * NOTE(review): in this test the payload always comes from serialize()
     * in the same script. __unserialize() receives whatever array the
     * serialized string encodes, and the destructuring below relies on a
     * two-element list; confirm the shape before reusing this pattern on
     * strings the script did not produce itself.
     */
    public function __unserialize(array $payload) {
        [$data2, $data] = $payload;
        parent::__unserialize($data);
        $this->data2 = $data2;
    }
}

// One stdClass instance is placed in both the parent's and the child's
// array, so the serialized form has to express shared identity across the
// two payloads.
$common = new stdClass;
$obj = new B([$common], [$common]);
// First dump: the second occurrence of the shared object is written as the
// back-reference r:3 rather than as a second copy (see --EXPECT--).
var_dump($s = serialize($obj));
// Second dump: after the round trip both arrays list the same handle (#4),
// i.e. delegating to parent::__unserialize() kept the back-reference
// resolved to one object. The handle numbers are part of the expected
// output, so creating additional objects before this line would presumably
// shift them.
var_dump(unserialize($s));

?>
--EXPECT--
string(63) "O:1:"B":2:{i:0;a:1:{i:0;O:8:"stdClass":0:{}}i:1;a:1:{i:0;r:3;}}"
object(B)#3 (2) {
  ["data2":"B":private]=>
  array(1) {
    [0]=>
    object(stdClass)#4 (0) {
    }
  }
  ["data":"A":private]=>
  array(1) {
    [0]=>
    object(stdClass)#4 (0) {
    }
  }
}