<?php
$classNames = array(
"Foo", // userland class
"StdClass", // class defined by php-src, but still not considered as internal
"ReflectionClass", // internal class
"ArrayObject", // internal class implementing Serializable
);
foreach($classNames as $className) {
var_dump(instanitateWithoutConstructorThroughUnserialize($className));
if (version_compare(PHP_VERSION, '5.3.0') > 0) {
var_dump(instanitateWithoutConstructorThroughReflection($className));
}
}
function instanitateWithoutConstructorThroughUnserialize($className) {
return unserialize(sprintf('O:%d:"%s":0:{}', strlen($className), $className));
}
function instanitateWithoutConstructorThroughReflection($className) {
try {
$ref = new ReflectionClass($className);
return $ref->newInstanceWithoutConstructor();
} catch (ReflectionException $e) {
return $e;
}
}
class Foo {}
object(Foo)#1 (0) {
}
object(Foo)#2 (0) {
}
object(stdClass)#2 (0) {
}
object(stdClass)#1 (0) {
}
Fatal error: Uncaught Exception: Unserialization of 'ReflectionClass' is not allowed in /in/o08hk:18
Stack trace:
#0 /in/o08hk(18): unserialize('O:15:"Reflectio...')
#1 /in/o08hk(11): instanitateWithoutConstructorThroughUnserialize('ReflectionClass')
#2 {main}
thrown in /in/o08hk on line 18
Process exited with code 255.
Output for 7.4.0 - 7.4.33, 8.0.0 - 8.0.30
object(Foo)#1 (0) {
}
object(Foo)#2 (0) {
}
object(stdClass)#2 (0) {
}
object(stdClass)#1 (0) {
}
Warning: Erroneous data format for unserializing 'ReflectionClass' in /in/o08hk on line 18
Notice: unserialize(): Error at offset 26 of 27 bytes in /in/o08hk on line 18
bool(false)
object(ReflectionClass)#2 (1) {
["name"]=>
string(0) ""
}
Fatal error: Uncaught UnexpectedValueException: Incomplete or ill-typed serialization data in /in/o08hk:18
Stack trace:
#0 [internal function]: ArrayObject->__unserialize(Array)
#1 /in/o08hk(18): unserialize('O:11:"ArrayObje...')
#2 /in/o08hk(11): instanitateWithoutConstructorThroughUnserialize('ArrayObject')
#3 {main}
thrown in /in/o08hk on line 18
Process exited with code 255.
Output for 7.3.32 - 7.3.33
object(Foo)#1 (0) {
}
object(Foo)#2 (0) {
}
object(stdClass)#2 (0) {
}
object(stdClass)#1 (0) {
}
object(ReflectionClass)#1 (1) {
["name"]=>
string(0) ""
}
object(ReflectionClass)#2 (1) {
["name"]=>
string(0) ""
}
Warning: Erroneous data format for unserializing 'ArrayObject' in /in/o08hk on line 18
bool(false)
object(ArrayObject)#1 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
object(Foo)#1 (0) {
}
object(Foo)#2 (0) {
}
object(stdClass)#2 (0) {
}
object(stdClass)#1 (0) {
}
object(ReflectionClass)#1 (1) {
["name"]=>
string(0) ""
}
object(ReflectionException)#2 (7) {
["message":protected]=>
string(103) "Class ReflectionClass is an internal class that cannot be instantiated without invoking its constructor"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/o08hk"
["line":protected]=>
int(24)
["trace":"Exception":private]=>
array(2) {
[0]=>
array(6) {
["file"]=>
string(9) "/in/o08hk"
["line"]=>
int(24)
["function"]=>
string(29) "newInstanceWithoutConstructor"
["class"]=>
string(15) "ReflectionClass"
["type"]=>
string(2) "->"
["args"]=>
array(0) {
}
}
[1]=>
array(4) {
["file"]=>
string(9) "/in/o08hk"
["line"]=>
int(13)
["function"]=>
string(46) "instanitateWithoutConstructorThroughReflection"
["args"]=>
array(1) {
[0]=>
string(15) "ReflectionClass"
}
}
}
["previous":"Exception":private]=>
NULL
}
Warning: Erroneous data format for unserializing 'ArrayObject' in /in/o08hk on line 18
Notice: unserialize(): Error at offset 22 of 23 bytes in /in/o08hk on line 18
bool(false)
object(ReflectionException)#1 (7) {
["message":protected]=>
string(99) "Class ArrayObject is an internal class that cannot be instantiated without invoking its constructor"
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/o08hk"
["line":protected]=>
int(24)
["trace":"Exception":private]=>
array(2) {
[0]=>
array(6) {
["file"]=>
string(9) "/in/o08hk"
["line"]=>
int(24)
["function"]=>
string(29) "newInstanceWithoutConstructor"
["class"]=>
string(15) "ReflectionClass"
["type"]=>
string(2) "->"
["args"]=>
array(0) {
}
}
[1]=>
array(4) {
["file"]=>
string(9) "/in/o08hk"
["line"]=>
int(13)
["function"]=>
string(46) "instanitateWithoutConstructorThroughReflection"
["args"]=>
array(1) {
[0]=>
string(11) "ArrayObject"
}
}
}
["previous":"Exception":private]=>
NULL
}
Output for 5.3.1 - 5.3.29
object(Foo)#1 (0) {
}
Fatal error: Call to undefined method ReflectionClass::newInstanceWithoutConstructor() in /in/o08hk on line 24
Process exited with code 255.