Created

Embed URL

HTTPS clone URL

SSH clone URL

You can clone with HTTPS or SSH.

Download Gist

PHP is_serialized() function.

View is_serialized.php
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112
<?php
/**
* This program is free software. It comes without any warranty, to
* the extent permitted by applicable law. You can redistribute it
* and/or modify it under the terms of the Do What The Fuck You Want
* To Public License, Version 2, as published by Sam Hocevar. See
* http://sam.zoy.org/wtfpl/COPYING for more details.
*/
/**
* Tests if an input is valid PHP serialized string.
*
* Checks if a string is serialized using quick string manipulation
* to throw out obviously incorrect strings. Unserialize is then run
* on the string to perform the final verification.
*
* Valid serialized forms are the following:
* <ul>
* <li>boolean: <code>b:1;</code></li>
* <li>integer: <code>i:1;</code></li>
* <li>double: <code>d:0.2;</code></li>
* <li>string: <code>s:4:"test";</code></li>
* <li>array: <code>a:3:{i:0;i:1;i:1;i:2;i:2;i:3;}</code></li>
* <li>object: <code>O:8:"stdClass":0:{}</code></li>
* <li>null: <code>N;</code></li>
* </ul>
*
* @author Chris Smith <code+php@chris.cs278.org>
* @copyright Copyright (c) 2009 Chris Smith (http://www.cs278.org/)
* @license http://sam.zoy.org/wtfpl/ WTFPL
* @param string $value Value to test for serialized form
* @param mixed $result Result of unserialize() of the $value
* @return boolean True if $value is serialized data, otherwise false
*/
function is_serialized($value, &$result = null)
{
// Bit of a give away this one
if (!is_string($value))
{
return false;
}
// Serialized false, return true. unserialize() returns false on an
// invalid string or it could return false if the string is serialized
// false, eliminate that possibility.
if ($value === 'b:0;')
{
$result = false;
return true;
}
$length = strlen($value);
$end = '';
switch ($value[0])
{
case 's':
if ($value[$length - 2] !== '"')
{
return false;
}
case 'b':
case 'i':
case 'd':
// This looks odd but it is quicker than isset()ing
$end .= ';';
case 'a':
case 'O':
$end .= '}';
if ($value[1] !== ':')
{
return false;
}
switch ($value[2])
{
case 0:
case 1:
case 2:
case 3:
case 4:
case 5:
case 6:
case 7:
case 8:
case 9:
break;
default:
return false;
}
case 'N':
$end .= ';';
if ($value[$length - 1] !== $end[0])
{
return false;
}
break;
default:
return false;
}
if (($result = @unserialize($value)) === false)
{
$result = null;
return false;
}
return true;
}

great work ... testing it

nice work!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.