PHP 7引入了Filtered unserialize()函数,以在对不受信任的数据上的对象进行反序列化时提供更好的安全性。
<?php class MyClass1 { public $obj1prop; } class MyClass2 { public $obj2prop; } $obj1=new MyClass1(); $obj1->obj1prop=1; $obj2=new MyClass2(); $obj2->obj2prop=2; $serializedObj1=serialize($obj1); $serializedObj2=serialize($obj2); //default behaviour that accepts all classes //second argument can be ommited. //if allowed_classes is passed as false, unserialize converts all objects into __PHP_Incomplete_Class object $data=unserialize($serializedObj1 , ["allowed_classes" => true]); //converts all objects into __PHP_Incomplete_Class object except those of MyClass1 and MyClass2 $data2=unserialize($serializedObj2 , ["allowed_classes" => ["MyClass1", "MyClass2"]]); print($data->obj1prop); print("<br/>"); print($data2->obj2prop); ?>
它产生以下浏览器输出-文章来源:https://www.toymoban.com/news/detail-683864.html
1 2
PHP - Filtered反序列化 - 无涯教程网无涯教程网提供PHP 7引入了Filtered unserialize() 函数,以在对不受信任的数据上的对象进行反序列化...https://www.learnfk.com/php7+/php7-filtered-unserialize.html文章来源地址https://www.toymoban.com/news/detail-683864.html
到了这里,关于无涯教程-PHP - Filtered反序列化的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
