Unserialize as of PHP 5.6

I have difficulty understanding this: http://php.net/manual/en/function.unserialize.php#refsect1-function.unserialize-changelog
Please clarify with an example.

Sorry, but an example of what?

What problems are you having with your code?

Please just clarify what they mean by that statement at all? Please clarify with an example what they mean!

There are examples on that page. So what exactly don’t you understand in the examples?

Your question is far too broad, and there are other resources which have covered this topic in depth, so unless you can give a more specific question, I’m not sure how much people are going to be willing to delve into such a broad topic.

Please clarify this statement:

Manipulating the serialised data by replacing C: with O: to force object instantiation without calling the constructor will now fail.

If possible, give an example to explain that statement too.

Theory 1:

You could take a serialized class and turn it into an object (think stdobject) previously. This now fails. Instead it requires you to unserialize back to a class.

Theory 2:

A class with an overridden constructor could be unserialized into an object and not invoke the constructor logic, thus creating an object whose state may be invalid. By not permitting this, it requires the constructor to execute, providing a consistent state when the object gets unserialized.

I have no idea which is correct or if both are for that matter. You would have to find the bug report that led to the change and go from there.

Thanks, got it.