<?php
$classNames = array(
"Foo", // userland class
"StdClass", // class defined by php-src, but still not considered as internal
"Bar", // userland class implementing Serializable
"ReflectionClass", // internal class
"ArrayObject", // internal class implementing Serializable
"Baz", // userland class extending internal class implementing Serializable
);
function instanitateWithoutConstructorThroughUnserialize($className) {
$class = new ReflectionClass($className);
try {
return unserialize(
sprintf(
'%s:%d:"%s":0:{}',
(version_compare(PHP_VERSION, '5.4', '>') && $class->implementsInterface("Serializable") ? "C" : "O"),
strlen($className),
$className
)
);
} catch (Exception $e) {
return $e;
}
}
function instanitateWithoutConstructorThroughReflection($className) {
try {
$ref = new ReflectionClass($className);
return $ref->newInstanceWithoutConstructor();
} catch (Exception $e) {
return $e;
}
}
class Foo {}
class Bar implements Serializable {
private $data;
public function serialize() {
return serialize($this->data);
}
public function unserialize($data) {
$this->data = unserialize($data);
}
}
class Baz extends ArrayObject {}
foreach($classNames as $className) {
echo "$className\n";
var_dump(instanitateWithoutConstructorThroughUnserialize($className));
if (version_compare(PHP_VERSION, '5.4.0') >= 0) {
var_dump(instanitateWithoutConstructorThroughReflection($className));
}
echo "\n";
}
- Output for 8.2.0 - 8.2.17, 8.3.0 - 8.3.4
- Deprecated: Bar implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in /in/M7ENe on line 39
Foo
object(Foo)#2 (0) {
}
object(Foo)#1 (0) {
}
StdClass
object(stdClass)#2 (0) {
}
object(stdClass)#1 (0) {
}
Bar
object(Bar)#2 (1) {
["data":"Bar":private]=>
bool(false)
}
object(Bar)#1 (1) {
["data":"Bar":private]=>
NULL
}
ReflectionClass
object(Exception)#2 (7) {
["message":protected]=>
string(51) "Unserialization of 'ReflectionClass' is not allowed"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/M7ENe"
["line":protected]=>
int(15)
["trace":"Exception":private]=>
array(2) {
[0]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(15)
["function"]=>
string(11) "unserialize"
["args"]=>
array(1) {
[0]=>
string(27) "O:15:"ReflectionClass":0:{}"
}
}
[1]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(55)
["function"]=>
string(47) "instanitateWithoutConstructorThroughUnserialize"
["args"]=>
array(1) {
[0]=>
string(15) "ReflectionClass"
}
}
}
["previous":"Exception":private]=>
NULL
}
object(ReflectionClass)#1 (0) {
["name"]=>
uninitialized(string)
}
ArrayObject
object(ArrayObject)#2 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
object(ArrayObject)#1 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
Baz
object(Baz)#2 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
object(Baz)#1 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
- Output for 8.1.0 - 8.1.27
- Deprecated: Bar implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in /in/M7ENe on line 39
Foo
object(Foo)#2 (0) {
}
object(Foo)#1 (0) {
}
StdClass
object(stdClass)#2 (0) {
}
object(stdClass)#1 (0) {
}
Bar
object(Bar)#2 (1) {
["data":"Bar":private]=>
bool(false)
}
object(Bar)#1 (1) {
["data":"Bar":private]=>
NULL
}
ReflectionClass
object(Exception)#2 (7) {
["message":protected]=>
string(51) "Unserialization of 'ReflectionClass' is not allowed"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/M7ENe"
["line":protected]=>
int(20)
["trace":"Exception":private]=>
array(2) {
[0]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(20)
["function"]=>
string(11) "unserialize"
["args"]=>
array(1) {
[0]=>
string(27) "O:15:"ReflectionClass":0:{}"
}
}
[1]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(55)
["function"]=>
string(47) "instanitateWithoutConstructorThroughUnserialize"
["args"]=>
array(1) {
[0]=>
string(15) "ReflectionClass"
}
}
}
["previous":"Exception":private]=>
NULL
}
object(ReflectionClass)#1 (0) {
["name"]=>
uninitialized(string)
}
ArrayObject
object(ArrayObject)#2 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
object(ArrayObject)#1 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
Baz
object(Baz)#2 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
object(Baz)#1 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
- Output for 7.4.0 - 7.4.33, 8.0.0 - 8.0.30
- Foo
object(Foo)#2 (0) {
}
object(Foo)#1 (0) {
}
StdClass
object(stdClass)#2 (0) {
}
object(stdClass)#1 (0) {
}
Bar
object(Bar)#2 (1) {
["data":"Bar":private]=>
bool(false)
}
object(Bar)#1 (1) {
["data":"Bar":private]=>
NULL
}
ReflectionClass
Warning: Erroneous data format for unserializing 'ReflectionClass' in /in/M7ENe on line 20
Notice: unserialize(): Error at offset 26 of 27 bytes in /in/M7ENe on line 20
bool(false)
object(ReflectionClass)#2 (1) {
["name"]=>
string(0) ""
}
ArrayObject
object(ArrayObject)#1 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
object(ArrayObject)#2 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
Baz
object(Baz)#1 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
object(Baz)#2 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
- Output for 5.6.8 - 5.6.28, 7.0.0 - 7.0.20, 7.1.0 - 7.1.33, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33
- Foo
object(Foo)#2 (0) {
}
object(Foo)#1 (0) {
}
StdClass
object(stdClass)#2 (0) {
}
object(stdClass)#1 (0) {
}
Bar
object(Bar)#2 (1) {
["data":"Bar":private]=>
bool(false)
}
object(Bar)#1 (1) {
["data":"Bar":private]=>
NULL
}
ReflectionClass
object(ReflectionClass)#2 (1) {
["name"]=>
string(0) ""
}
object(ReflectionClass)#1 (1) {
["name"]=>
string(0) ""
}
ArrayObject
object(ArrayObject)#2 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
object(ArrayObject)#1 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
Baz
object(Baz)#2 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
object(Baz)#1 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
- Output for 5.4.14 - 5.4.45, 5.5.24 - 5.5.35
- Foo
object(Foo)#2 (0) {
}
object(Foo)#1 (0) {
}
StdClass
object(stdClass)#2 (0) {
}
object(stdClass)#1 (0) {
}
Bar
object(Bar)#2 (1) {
["data":"Bar":private]=>
bool(false)
}
object(Bar)#1 (1) {
["data":"Bar":private]=>
NULL
}
ReflectionClass
object(ReflectionClass)#2 (1) {
["name"]=>
string(0) ""
}
object(ReflectionException)#1 (7) {
["message":protected]=>
string(103) "Class ReflectionClass is an internal class that cannot be instantiated without invoking its constructor"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/M7ENe"
["line":protected]=>
int(31)
["trace":"Exception":private]=>
array(2) {
[0]=>
array(6) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(31)
["function"]=>
string(29) "newInstanceWithoutConstructor"
["class"]=>
string(15) "ReflectionClass"
["type"]=>
string(2) "->"
["args"]=>
array(0) {
}
}
[1]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(57)
["function"]=>
string(46) "instanitateWithoutConstructorThroughReflection"
["args"]=>
array(1) {
[0]=>
string(15) "ReflectionClass"
}
}
}
["previous":"Exception":private]=>
NULL
}
ArrayObject
object(UnexpectedValueException)#3 (7) {
["message":protected]=>
string(39) "Empty serialized string cannot be empty"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/M7ENe"
["line":protected]=>
int(22)
["trace":"Exception":private]=>
array(3) {
[0]=>
array(4) {
["function"]=>
string(11) "unserialize"
["class"]=>
string(11) "ArrayObject"
["type"]=>
string(2) "->"
["args"]=>
array(1) {
[0]=>
string(0) ""
}
}
[1]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(22)
["function"]=>
string(11) "unserialize"
["args"]=>
array(1) {
[0]=>
string(23) "C:11:"ArrayObject":0:{}"
}
}
[2]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(55)
["function"]=>
string(47) "instanitateWithoutConstructorThroughUnserialize"
["args"]=>
array(1) {
[0]=>
string(11) "ArrayObject"
}
}
}
["previous":"Exception":private]=>
NULL
}
object(ReflectionException)#1 (7) {
["message":protected]=>
string(99) "Class ArrayObject is an internal class that cannot be instantiated without invoking its constructor"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/M7ENe"
["line":protected]=>
int(31)
["trace":"Exception":private]=>
array(2) {
[0]=>
array(6) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(31)
["function"]=>
string(29) "newInstanceWithoutConstructor"
["class"]=>
string(15) "ReflectionClass"
["type"]=>
string(2) "->"
["args"]=>
array(0) {
}
}
[1]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(57)
["function"]=>
string(46) "instanitateWithoutConstructorThroughReflection"
["args"]=>
array(1) {
[0]=>
string(11) "ArrayObject"
}
}
}
["previous":"Exception":private]=>
NULL
}
Baz
object(UnexpectedValueException)#2 (7) {
["message":protected]=>
string(39) "Empty serialized string cannot be empty"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/M7ENe"
["line":protected]=>
int(22)
["trace":"Exception":private]=>
array(3) {
[0]=>
array(4) {
["function"]=>
string(11) "unserialize"
["class"]=>
string(11) "ArrayObject"
["type"]=>
string(2) "->"
["args"]=>
array(1) {
[0]=>
string(0) ""
}
}
[1]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(22)
["function"]=>
string(11) "unserialize"
["args"]=>
array(1) {
[0]=>
string(14) "C:3:"Baz":0:{}"
}
}
[2]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(55)
["function"]=>
string(47) "instanitateWithoutConstructorThroughUnserialize"
["args"]=>
array(1) {
[0]=>
string(3) "Baz"
}
}
}
["previous":"Exception":private]=>
NULL
}
object(ReflectionException)#1 (7) {
["message":protected]=>
string(91) "Class Baz is an internal class that cannot be instantiated without invoking its constructor"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/M7ENe"
["line":protected]=>
int(31)
["trace":"Exception":private]=>
array(2) {
[0]=>
array(6) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(31)
["function"]=>
string(29) "newInstanceWithoutConstructor"
["class"]=>
string(15) "ReflectionClass"
["type"]=>
string(2) "->"
["args"]=>
array(0) {
}
}
[1]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(57)
["function"]=>
string(46) "instanitateWithoutConstructorThroughReflection"
["args"]=>
array(1) {
[0]=>
string(3) "Baz"
}
}
}
["previous":"Exception":private]=>
NULL
}
- Output for 5.4.0 - 5.4.13
- Foo
object(Foo)#2 (0) {
}
object(Foo)#1 (0) {
}
StdClass
object(stdClass)#2 (0) {
}
object(stdClass)#1 (0) {
}
Bar
object(Bar)#2 (1) {
["data":"Bar":private]=>
bool(false)
}
object(Bar)#1 (1) {
["data":"Bar":private]=>
NULL
}
ReflectionClass
object(ReflectionClass)#2 (1) {
["name"]=>
string(0) ""
}
object(ReflectionException)#1 (7) {
["message":protected]=>
string(103) "Class ReflectionClass is an internal class that cannot be instantiated without invoking its constructor"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/M7ENe"
["line":protected]=>
int(31)
["trace":"Exception":private]=>
array(2) {
[0]=>
array(6) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(31)
["function"]=>
string(29) "newInstanceWithoutConstructor"
["class"]=>
string(15) "ReflectionClass"
["type"]=>
string(2) "->"
["args"]=>
array(0) {
}
}
[1]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(57)
["function"]=>
string(46) "instanitateWithoutConstructorThroughReflection"
["args"]=>
array(1) {
[0]=>
string(15) "ReflectionClass"
}
}
}
["previous":"Exception":private]=>
NULL
}
ArrayObject
Notice: unserialize(): Error at offset 22 of 23 bytes in /in/M7ENe on line 22
object(UnexpectedValueException)#3 (7) {
["message":protected]=>
string(39) "Empty serialized string cannot be empty"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/M7ENe"
["line":protected]=>
int(22)
["trace":"Exception":private]=>
array(3) {
[0]=>
array(4) {
["function"]=>
string(11) "unserialize"
["class"]=>
string(11) "ArrayObject"
["type"]=>
string(2) "->"
["args"]=>
array(1) {
[0]=>
string(0) ""
}
}
[1]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(22)
["function"]=>
string(11) "unserialize"
["args"]=>
array(1) {
[0]=>
string(23) "C:11:"ArrayObject":0:{}"
}
}
[2]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(55)
["function"]=>
string(47) "instanitateWithoutConstructorThroughUnserialize"
["args"]=>
array(1) {
[0]=>
string(11) "ArrayObject"
}
}
}
["previous":"Exception":private]=>
NULL
}
object(ReflectionException)#1 (7) {
["message":protected]=>
string(99) "Class ArrayObject is an internal class that cannot be instantiated without invoking its constructor"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/M7ENe"
["line":protected]=>
int(31)
["trace":"Exception":private]=>
array(2) {
[0]=>
array(6) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(31)
["function"]=>
string(29) "newInstanceWithoutConstructor"
["class"]=>
string(15) "ReflectionClass"
["type"]=>
string(2) "->"
["args"]=>
array(0) {
}
}
[1]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(57)
["function"]=>
string(46) "instanitateWithoutConstructorThroughReflection"
["args"]=>
array(1) {
[0]=>
string(11) "ArrayObject"
}
}
}
["previous":"Exception":private]=>
NULL
}
Baz
Notice: unserialize(): Error at offset 13 of 14 bytes in /in/M7ENe on line 22
object(UnexpectedValueException)#2 (7) {
["message":protected]=>
string(39) "Empty serialized string cannot be empty"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/M7ENe"
["line":protected]=>
int(22)
["trace":"Exception":private]=>
array(3) {
[0]=>
array(4) {
["function"]=>
string(11) "unserialize"
["class"]=>
string(11) "ArrayObject"
["type"]=>
string(2) "->"
["args"]=>
array(1) {
[0]=>
string(0) ""
}
}
[1]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(22)
["function"]=>
string(11) "unserialize"
["args"]=>
array(1) {
[0]=>
string(14) "C:3:"Baz":0:{}"
}
}
[2]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(55)
["function"]=>
string(47) "instanitateWithoutConstructorThroughUnserialize"
["args"]=>
array(1) {
[0]=>
string(3) "Baz"
}
}
}
["previous":"Exception":private]=>
NULL
}
object(ReflectionException)#1 (7) {
["message":protected]=>
string(91) "Class Baz is an internal class that cannot be instantiated without invoking its constructor"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/M7ENe"
["line":protected]=>
int(31)
["trace":"Exception":private]=>
array(2) {
[0]=>
array(6) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(31)
["function"]=>
string(29) "newInstanceWithoutConstructor"
["class"]=>
string(15) "ReflectionClass"
["type"]=>
string(2) "->"
["args"]=>
array(0) {
}
}
[1]=>
array(4) {
["file"]=>
string(9) "/in/M7ENe"
["line"]=>
int(57)
["function"]=>
string(46) "instanitateWithoutConstructorThroughReflection"
["args"]=>
array(1) {
[0]=>
string(3) "Baz"
}
}
}
["previous":"Exception":private]=>
NULL
}
- Output for 5.3.0 - 5.3.29
- Foo
object(Foo)#2 (0) {
}
StdClass
object(stdClass)#1 (0) {
}
Bar
object(Bar)#2 (1) {
["data":"Bar":private]=>
NULL
}
ReflectionClass
object(ReflectionClass)#1 (1) {
["name"]=>
string(0) ""
}
ArrayObject
object(ArrayObject)#2 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
Baz
object(Baz)#1 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
- Output for 5.1.0 - 5.1.6, 5.2.0 - 5.2.17
- Foo
object(Foo)#2 (0) {
}
StdClass
object(stdClass)#1 (0) {
}
Bar
object(Bar)#2 (1) {
["data:private"]=>
NULL
}
ReflectionClass
object(ReflectionClass)#1 (1) {
["name"]=>
string(0) ""
}
ArrayObject
object(ArrayObject)#2 (0) {
}
Baz
object(Baz)#1 (0) {
}
- Output for 5.0.5
- Fatal error: Interface 'Serializable' not found in /in/M7ENe on line 39
Process exited with code 255. - Output for 5.0.0 - 5.0.4
- Fatal error: Class 'Serializable' not found in /in/M7ENe on line 39
Process exited with code 255. - Output for 4.4.2 - 4.4.9
- Parse error: syntax error, unexpected '{' in /in/M7ENe on line 14
Process exited with code 255. - Output for 4.3.0 - 4.3.1, 4.3.5 - 4.3.11, 4.4.0 - 4.4.1
- Parse error: parse error, unexpected '{' in /in/M7ENe on line 14
Process exited with code 255. - Output for 4.3.2 - 4.3.4
- Parse error: parse error in /in/M7ENe on line 14
Process exited with code 255.
preferences:
274.74 ms | 401 KiB | 352 Q