nokitakaze / serializer
Safe serialization
v0.1.1
2018-02-14 16:40 UTC
Requires
- php: ^5.6 | ^7.0.9
- ext-json: *
Requires (Dev)
- phpbench/phpbench: ^0.13
- phpunit/phpunit: ^5.5 | ^4.6
This package is not auto-updated.
Last update: 2024-10-27 05:41:34 UTC
README
PHP's unserialize() can lead to remote code execution. The official documentation says:
DO NOT pass untrusted user input to unserialize() regardless of the options value of allowed_classes. Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this.
But JSON does not represent data the way PHP does. For example, JSON does not support [1=>2,3=>4,"a"=>5,"and"=>"so"].
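The behaviour the documentation warns about, shown as an added example that is not code from nokitakaze/serializer: unserialize() instantiates objects, runs __wakeup() and calls the autoloader for unknown class names, while json_decode() only returns arrays and scalars. The class names Probe and NotLoadedYet and both input strings are constructed for this illustration.

```php
<?php
// Added example; Probe, NotLoadedYet and the input strings are constructed.

$autoloadRequests = [];
spl_autoload_register(function ($class) use (&$autoloadRequests) {
    // A real autoloader would include a file here, which means running code
    // chosen by the class name in the input. This one only records the name.
    $autoloadRequests[] = $class;
});

class Probe
{
    public static $wakeups = 0;
    public $note = '';

    public function __wakeup()
    {
        // Called by unserialize() itself, before the caller can inspect the value.
        self::$wakeups++;
    }
}

// Constructed strings standing in for data received from a client.
$known   = 'O:5:"Probe":1:{s:4:"note";s:2:"hi";}';
$unknown = 'O:12:"NotLoadedYet":0:{}';

$a = unserialize($known);   // builds a Probe instance and runs __wakeup()
$b = unserialize($unknown); // class is not defined, so the autoloader is asked for it

printf("after unserialize: class=%s wakeups=%d autoload=%s\n",
    get_class($a), Probe::$wakeups, json_encode($autoloadRequests));

// The same information carried as JSON: the decoder produces plain arrays and
// scalars, so no class is instantiated and the autoloader is never consulted.
$autoloadRequests = [];
$wakeupsBefore = Probe::$wakeups;
$c = json_decode('{"class":"NotLoadedYet","note":"hi"}', true);

printf("after json_decode: type=%s new_wakeups=%d autoload=%s\n",
    gettype($c), Probe::$wakeups - $wakeupsBefore, json_encode($autoloadRequests));
```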
Usage
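First, install the package:
composer require nokitakaze/serializer
Then load the autoloader and call the serializer:
// Load Composer's autoloader
require_once 'vendor/autoload.php';
// Serialize $data to text
$text = NokitaKaze\Serializer\Serializer::serialize($data);
// Restore the data from the text
$data = NokitaKaze\Serializer\Serializer::unserialize($text, $is_valid);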