--TEST--
Bug #81111: Serialization is unexpectedly allowed on anonymous classes with __serialize()
--FILE--
<?php

// Regression test: defining __serialize()/__unserialize() in userland must not
// lift the engine's ban on (un)serializing a class. The expected output below
// pins this for a subclass of SplFileInfo and for an anonymous class.

// Subclass of SplFileInfo that supplies both magic methods. The first and third
// expected lines show that serialize() and unserialize() are still refused.
class MySplFileInfo extends SplFileInfo {
    public function __serialize() { return []; }
    // Returns a value although PHP ignores what __unserialize() returns.
    // NOTE(review): presumably never reached here, since unserialization is refused.
    public function __unserialize($value) { return new self('file'); }
}

// Case 1: serialize() on the SplFileInfo subclass. The refusal arrives as an
// Exception and only its message is printed.
try {
    serialize(new MySplFileInfo(__FILE__));
} catch (Exception $e) {
    echo $e->getMessage(), "\n";
}

// Anonymous class carrying the same magic methods; this is the case named in the bug title.
$anon = new class () {
    public function __serialize() { return []; }
    public function __unserialize($value) { }
};

// Case 2: serialize() on the anonymous instance must be refused as well.
try {
    serialize($anon);
} catch (Exception $e) {
    echo $e->getMessage(), "\n";
}

// Cases 3 and 4: the payloads are written by hand because serialize() refuses to
// produce them. This covers input that never came from serialize(), which is the
// situation when unserialize() is handed data from an untrusted source.
// "O:" is the regular object form; 13 is the byte length of the class name.
try {
    unserialize("O:13:\"MySplFileInfo\":0:{}");
} catch (Exception $e) {
    echo $e->getMessage(), "\n";
}
// "C:" is the legacy custom-serialization (Serializable) form of the same payload.
try {
    unserialize("C:13:\"MySplFileInfo\":0:{}");
} catch (Exception $e) {
    echo $e->getMessage(), "\n";
}

// Case 5: the anonymous class name is generated at runtime, so it is read through
// ::class and its length is computed instead of being hard-coded.
$name = $anon::class;
// Per the expected output, this payload yields an unserialize() notice at offset 0
// and no exception message.
try {
    unserialize("O:" . strlen($name) . ":\"" . $name . "\":0:{}");
} catch (Exception $e) {
    echo $e->getMessage(), "\n";
}

?>
--EXPECTF--
Serialization of 'MySplFileInfo' is not allowed
Serialization of 'class@anonymous' is not allowed
Unserialization of 'MySplFileInfo' is not allowed
Unserialization of 'MySplFileInfo' is not allowed

Notice: unserialize(): Error at offset 0 of %d bytes in %s on line %d