<?php
//phpinfo();
$dp = new DatePeriod(new DateTime('2010-01-01 UTC'), new DateInterval('P1D'), 2);
echo "Original:\r\n";
foreach($dp as $dt) {
echo $dt->format('Y-m-d H:i:s')."\r\n";
}
echo "\r\n";
$ser = serialize($dp); // $ser is: O:10:"DatePeriod":0:{}
// Create dangerous instance
$dpu = unserialize($ser); // $dpu has invalid values…
echo "Unserialized:\r\n";
// …which leads to CRASH:
foreach($dpu as $dt) {
echo $dt->format('Y-m-d H:i:s')."\r\n";
}
- Output for 5.3.27 - 5.3.29, 5.4.17 - 5.4.45, 5.5.0 - 5.5.38, 5.6.0 - 5.6.40, 7.0.0 - 7.0.33, 7.1.0 - 7.1.33, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.27, 8.2.0 - 8.2.17, 8.3.0 - 8.3.4
- Original:
2010-01-01 00:00:00
2010-01-02 00:00:00
2010-01-03 00:00:00
Unserialized:
2010-01-01 00:00:00
2010-01-02 00:00:00
2010-01-03 00:00:00
- Output for 5.3.0 - 5.3.26, 5.4.0 - 5.4.16
- Original:
2010-01-01 00:00:00
2010-01-02 00:00:00
2010-01-03 00:00:00
Unserialized:
Process exited with code 139. - Output for 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17
- Fatal error: Class 'DatePeriod' not found in /in/oD2PI on line 5
Process exited with code 255. - Output for 4.3.2 - 4.3.11, 4.4.0 - 4.4.9
- Fatal error: Cannot instantiate non-existent class: dateperiod in /in/oD2PI on line 5
Process exited with code 255. - Output for 4.3.0 - 4.3.1
- Fatal error: Cannot instantiate non-existent class: dateperiod in /in/oD2PI on line 5
preferences:
294.41 ms | 401 KiB | 453 Q