- var_dump: documentation ( source)
- unserialize: documentation ( source)
<?php
/**
 * Minimal fixture for the serialize()/unserialize() visibility experiment.
 *
 * The class holds a single property whose visibility is switched by hand
 * between runs (see the numbered steps that follow the class).
 */
class Foo {
    /**
     * Null until generateVars() has run, then a three-element list of strings.
     * Declared private here; a private property is serialised under a key
     * that embeds the class name, which differs from the public form.
     */
    private $mVars;

    /**
     * Fill the property with the fixed sample values.
     */
    public function generateVars() {
        $sample = [ 'x', 'y', 'z' ];
        $this->mVars = $sample;
    }

    /**
     * Print the property with var_dump() so its exact type and contents
     * (NULL versus the array) are visible in the output.
     */
    public function dumpVars() {
        var_dump( $this->mVars );
    }
}
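// Experiment: is a property still restored by unserialize() when its
// visibility changed after the data was serialised? Run the steps in order.

// 1. Make mVars public, uncomment the echo serialize(...) line below, then eval.
$before = new Foo();
$before->generateVars();
// echo serialize($before) . "\n"; define('BEFORE', 1);

// 2. Insert the serialised text from first eval
// The key is written as s:5:"mVars", the form serialize() emits for a public
// property. A private property would be keyed with NUL bytes around the class
// name, and those bytes are easily lost when the text is copied by hand.
$serialised = 'O:3:"Foo":1:{s:5:"mVars";a:3:{i:0;s:1:"x";i:1;s:1:"y";i:2;s:1:"z";}}';

// 3. Make mVars private, comment the echo serialize(...) line out again, then eval
// NOTE(review): how the public-form key is matched against the now-private
// property may differ between PHP versions; compare the outputs per version.
//
// Security caveat: unserialize() creates whichever class the payload names and
// writes its properties directly, without running the constructor, so property
// visibility does not protect state from serialised input. The literal above is
// fixed and trusted. For data that comes from outside the program, use a format
// such as JSON, or limit the classes with the allowed_classes option (PHP 7.0+).
$after = unserialize($serialised);

// unserialize() returns false on malformed input; calling a method on that
// value would end the script with a fatal error instead of a readable result.
if ($after instanceof Foo) {
    $after->dumpVars();
} else {
    echo "unserialize() did not return a Foo instance:\n";
    var_dump($after);
}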