nokitakaze/serializer

Safe serialization

v0.1.1 2018-02-14 16:40 UTC

This package is not auto-updated.

Last update: 2024-03-17 02:15:22 UTC


README

PHP's unserialize() can lead to remote code execution. The official documentation says:

DO NOT pass untrusted user input to unserialize() regardless of the options value of allowed_classes. Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this.

But JSON does not represent data the way PHP does. For example, JSON does not support [1=>2,3=>4,"a"=>5,"and"=>"so"].
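The following is an added example, not code from nokitakaze/serializer: it shows the object instantiation the documentation warns about, next to a decode that disables class instantiation and rejects any object left in the result. `Probe`, `is_plain_data()` and `decode_plain_data()` are hypothetical names, and the inputs are constructed.

```php
<?php
// Added illustration; Probe, is_plain_data() and decode_plain_data() are
// hypothetical names and are not part of nokitakaze/serializer.
final class Probe
{
    public static $woken = 0;

    // PHP calls this magic method on every Probe that unserialize() creates.
    public function __wakeup() { self::$woken++; }
}

// True when $value holds no objects at any depth.
function is_plain_data($value): bool
{
    // With allowed_classes disabled, objects arrive as __PHP_Incomplete_Class;
    // is_object() only reports those as objects from PHP 7.2 on.
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return false;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (!is_plain_data($item)) {
                return false;
            }
        }
    }
    return true;
}

// Decode without instantiating classes, then refuse anything that is not
// made only of scalars, null and arrays.
function decode_plain_data(string $text, &$is_valid)
{
    $value = @unserialize($text, ['allowed_classes' => false]);
    $parsed = ($value !== false || $text === serialize(false));
    $is_valid = $parsed && is_plain_data($value);
    return $is_valid ? $value : null;
}

// Constructed inputs: the mixed-key array from the text above, and a
// serialized array that wraps a Probe object.
$array   = [1 => 2, 3 => 4, 'a' => 5, 'and' => 'so'];
$payload = 'a:1:{i:0;O:5:"Probe":0:{}}';

unserialize($payload);                       // plain call: __wakeup() runs
var_dump(Probe::$woken);
$out = decode_plain_data($payload, $ok);     // rejected, counter unchanged
var_dump($ok, Probe::$woken);
$out = decode_plain_data(serialize($array), $ok);
var_dump($ok, $out === $array);              // keys and values are compared
```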

Usage

First, install the package with Composer:

composer require nokitakaze/serializer

Then load the autoloader and call the serializer:

require_once 'vendor/autoload.php';
$text = NokitaKaze\Serializer\Serializer::serialize($data);
$data = NokitaKaze\Serializer\Serializer::unserialize($text, $is_valid);