- preg_replace_callback: documentation ( source)
- mb_strlen: documentation ( source)
- unserialize: documentation ( source)
- var_export: documentation ( source)
<?php
$corrupted = <<<STRING
a:4:{i:0;s:3:"three";i:1;s:5:"five";i:2;s:2:"newline1
newline2";i:3;s:6:"garçon";}
STRING;
echo $corrupted;
echo "\n---\n";
echo "fails to allow newline characers:\n";
var_export(unserialize(preg_replace_callback('!s:(\d+):"(.*?)";!', function($m) { return 's:'.mb_strlen($m[2]).':"'.$m[2].'";'; }, $corrupted)));
echo "\n\nfails to appropriately count bytes:\n";
var_export(unserialize(preg_replace_callback('!s:(\d+):"(.*?)";!s', function($m) { return 's:'.mb_strlen($m[2]).':"'.$m[2].'";'; }, $corrupted)));
echo"\n---\n";
echo "USE THIS PATTERN WITH THIS REPLACEMENT:\n";
var_export(preg_replace_callback(
'/s:\d+:"(.*?)";/s',
function ($m) {
return "s:" . strlen($m[1]) . ":\"{$m[1]}\";";
},
$corrupted
));