@dimarick dimarick/test.php Secret
Created Apr 21, 2015

Embed
What would you like to do?
Broken unserialize — the Token below is built with role1 and role2 pointing at one and the same Role instance; the script serializes it, unserializes it, and dumps role2 before and after so the reader can check whether the shared reference survives the round trip through Serializable classes that nest serialize() strings inside each other.
<?php
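/**
 * Minimal role value: an identifier plus a second slot that this file never assigns.
 *
 * Serialization strategy:
 *  - PHP >= 7.4 prefers __serialize()/__unserialize(). They hand the state to the
 *    *outer* serializer as a plain array, so this object is tracked in the same
 *    reference table as everything around it (no nested serialize() string).
 *  - The Serializable methods are kept for older engines. They embed the state as a
 *    nested serialize() string, which is the construct the gist's comparison of
 *    role2 before/after the round trip is meant to expose: a back-reference inside
 *    the nested string is resolved in that nested context, so an object shared with
 *    the enclosing graph is not guaranteed to come back as one instance.
 * Implementing both keeps the wire format of the legacy path unchanged and avoids
 * the PHP 8.1 deprecation of bare Serializable.
 */
class Role implements \Serializable
{
    /** @var mixed identifier as handed to the constructor; not validated here */
    protected $id = 0;

    /** @var mixed never assigned in this file; kept so the legacy wire format is unchanged */
    protected $b = null;

    /**
     * @param mixed $id role identifier
     */
    public function __construct($id)
    {
        $this->id = $id;
    }

    /**
     * PHP >= 7.4 hook: expose the state as an array for the outer serializer.
     *
     * @return array{0: mixed, 1: mixed}
     */
    public function __serialize()
    {
        return [$this->id, $this->b];
    }

    /**
     * PHP >= 7.4 hook: restore the state produced by __serialize().
     *
     * @param array $data two-element list [id, b]
     * @throws \UnexpectedValueException when either slot is missing
     */
    public function __unserialize(array $data)
    {
        if (!array_key_exists(0, $data) || !array_key_exists(1, $data)) {
            throw new \UnexpectedValueException('Role: malformed serialized payload');
        }
        $this->id = $data[0];
        $this->b = $data[1];
    }

    /**
     * Legacy Serializable path (PHP < 7.4): the state as a nested serialize() string.
     *
     * @return string
     */
    public function serialize()
    {
        return serialize([$this->id, $this->b]);
    }

    /**
     * Legacy Serializable path (PHP < 7.4).
     *
     * SECURITY: unserialize() on attacker-controlled bytes can instantiate arbitrary
     * classes. The state stored here is scalar-only in this file, so if this payload
     * can ever arrive from outside the process, pass ['allowed_classes' => false]
     * (PHP >= 7.0) as the second argument.
     *
     * @param string $serialized
     * @throws \UnexpectedValueException when the payload does not decode to [id, b]
     */
    public function unserialize($serialized)
    {
        $data = unserialize($serialized);
        // unserialize() returns false on garbage; list() would silently assign nulls.
        if (!is_array($data) || !array_key_exists(0, $data) || !array_key_exists(1, $data)) {
            throw new \UnexpectedValueException('Role: malformed serialized payload');
        }
        list($this->id, $this->b) = $data;
    }
}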
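/**
 * Base token carrying two references that the constructor points at the *same* role.
 *
 * Serialization strategy (see Role for the full rationale): on PHP >= 7.4 the
 * __serialize()/__unserialize() hooks hand the two roles to the outer serializer as
 * an array, so the shared instance is recorded once and a back-reference restores
 * it as one object. The Serializable methods are kept for older engines; they nest
 * a serialize() string, which the gist's before/after dump of role2 is meant to show
 * does not reliably preserve that sharing across the nesting boundary.
 */
class AbstractToken implements \Serializable
{
    /** @var mixed role object; class not constrained by this base */
    public $role1;

    /** @var mixed same instance as $role1 when built through the constructor */
    public $role2;

    /**
     * @param mixed $role stored twice, in $role1 and $role2
     */
    public function __construct($role)
    {
        $this->role1 = $role;
        $this->role2 = $role;
    }

    /**
     * PHP >= 7.4 hook: both roles in one array so the engine tracks them together.
     *
     * @return array<string, mixed>
     */
    public function __serialize()
    {
        return ['role1' => $this->role1, 'role2' => $this->role2];
    }

    /**
     * PHP >= 7.4 hook: restore both roles from the array produced by __serialize().
     *
     * @param array $data must carry 'role1' and 'role2'
     * @throws \UnexpectedValueException when either key is missing
     */
    public function __unserialize(array $data)
    {
        if (!array_key_exists('role1', $data) || !array_key_exists('role2', $data)) {
            throw new \UnexpectedValueException('AbstractToken: malformed serialized payload');
        }
        $this->role1 = $data['role1'];
        $this->role2 = $data['role2'];
    }

    /**
     * Legacy Serializable path (PHP < 7.4): both roles in a nested serialize() string.
     *
     * @return string
     */
    public function serialize()
    {
        return serialize([$this->role1, $this->role2]);
    }

    /**
     * Legacy Serializable path (PHP < 7.4).
     *
     * SECURITY: the nested unserialize() is unrestricted because this base does not
     * know the concrete role class. If callers do, restrict instantiation with
     * ['allowed_classes' => [TheRoleClass::class]] (PHP >= 7.0) before ever feeding
     * it bytes from outside the process.
     *
     * @param string $serialized
     * @throws \UnexpectedValueException when the payload does not decode to [role1, role2]
     */
    public function unserialize($serialized)
    {
        $data = unserialize($serialized);
        // unserialize() returns false on garbage; list() would silently assign nulls.
        if (!is_array($data) || !array_key_exists(0, $data) || !array_key_exists(1, $data)) {
            throw new \UnexpectedValueException('AbstractToken: malformed serialized payload');
        }
        list($this->role1, $this->role2) = $data;
    }
}

/**
 * Token adding its own identifier on top of the two role references.
 *
 * The PHP >= 7.4 hooks merge the id into the parent's array (single serialization
 * context); the legacy Serializable methods wrap the parent's nested string in yet
 * another nested string, exactly as the original gist did.
 */
class Token extends AbstractToken
{
    /** @var mixed token identifier as handed to the constructor */
    public $id;

    /**
     * @param mixed $id   token identifier
     * @param mixed $role stored twice by the parent constructor
     */
    public function __construct($id, $role)
    {
        $this->id = $id;
        parent::__construct($role);
    }

    /**
     * PHP >= 7.4 hook: id plus the parent's role entries in one flat array.
     *
     * @return array<string, mixed>
     */
    public function __serialize()
    {
        return ['id' => $this->id] + parent::__serialize();
    }

    /**
     * PHP >= 7.4 hook: restore the id, then let the parent restore the roles.
     *
     * @param array $data must carry 'id', 'role1' and 'role2'
     * @throws \UnexpectedValueException when 'id' (or a parent key) is missing
     */
    public function __unserialize(array $data)
    {
        if (!array_key_exists('id', $data)) {
            throw new \UnexpectedValueException('Token: malformed serialized payload');
        }
        $this->id = $data['id'];
        parent::__unserialize($data);
    }

    /**
     * Legacy Serializable path (PHP < 7.4): [id, parentString] as a nested string.
     *
     * @return string
     */
    public function serialize()
    {
        return serialize([$this->id, parent::serialize()]);
    }

    /**
     * Legacy Serializable path (PHP < 7.4).
     *
     * SECURITY: this layer only ever holds [scalar id, string]; if the payload can
     * come from outside the process, pass ['allowed_classes' => false] (PHP >= 7.0)
     * here, and constrain the parent's nested unserialize() separately.
     *
     * @param string $serialized
     * @throws \UnexpectedValueException when the payload does not decode to [id, string]
     */
    public function unserialize($serialized)
    {
        $data = unserialize($serialized);
        // unserialize() returns false on garbage; list() would silently assign nulls
        // and the parent would then be fed a non-string.
        if (!is_array($data) || !array_key_exists(0, $data) || !isset($data[1]) || !is_string($data[1])) {
            throw new \UnexpectedValueException('Token: malformed serialized payload');
        }
        list($this->id, $parentStr) = $data;
        parent::unserialize($parentStr);
    }
}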
// Demonstration: one Token whose role1/role2 both point at the same Role instance is
// pushed through a serialize()/unserialize() round trip, and role2 is dumped before
// and after so the two can be compared by eye. The payload is produced right here,
// so an unrestricted unserialize() is acceptable; never do this with external bytes.
$sharedRole = new Role(1);
$token = new Token(1, $sharedRole);
$wire = serialize($token);
$broken = unserialize($wire);
var_dump($token->role2);
var_dump($broken->role2);
exit;