
How should the unserialize() change in the PHP manual's 5.5 to 5.6 upgrade notes be interpreted?


PHP
呼啦一陣風 2019-03-18 18:10:13
The PHP manual describes the unserialize change when upgrading from 5.5 to 5.6 like this:

unserialize() will now fail if passed serialised data that has been manipulated to attempt to instantiate an object without calling its constructor.

My English is fairly poor and I would like to know what this means. Is the data being passed in a serialized object whose constructor was never called? I tried code like this, but it did not report an error:

class A{ }
$reClass = new ReflectionClass('A');
$b = $reClass->newInstanceWithoutConstructor();
echo '<pre>';
print_r(unserialize(serialize($reClass)));
die;

1 answer

哈士奇WWW


This is actually a change related to the Serializable interface.

The 5.6 changelog says:

5.6.0 Manipulating the serialised data by replacing C: with O: to force object instantiation without calling the constructor will now fail.

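Roughly speaking, 5.6 no longer allows changing C: to O: in already-serialized data in order to avoid calling the class's constructor.

Let's write a class to see what this means. First, in PHP 5.3 we implement a class that implements the Serializable interface: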

class obj implements Serializable {
    public $data;
    public function __construct() {
        $this->data = "My private data";
    }
    public function serialize() {
        return serialize($this->data);
    }
    public function unserialize($data) {
        echo 'test';
    }
}
  
$test = new obj();
echo serialize($test); // outputs C:3:"obj":23:{s:15:"My private data";}

var_dump(unserialize('C:3:"obj":23:{s:15:"My private data";}')); // the unserialize() method is called and prints test
var_dump(unserialize('O:3:"obj":1:{s:4:"data";s:15:"My private data";}')); // the unserialize() method is not called, nothing is printed

Next we try the same code in 5.6:

class obj implements Serializable {
    public $data;
    public function __construct() {
        $this->data = "My private data";
    }
    public function serialize() {
        return serialize($this->data);
    }
    public function unserialize($data) {
        echo 'test';
    }
}

$test = new obj();
echo serialize($test); // outputs C:3:"obj":23:{s:15:"My private data";}

var_dump(unserialize('C:3:"obj":23:{s:15:"My private data";}')); // the unserialize() method is called and prints test
var_dump(unserialize('O:3:"obj":1:{s:4:"data";s:15:"My private data";}')); // raises a Warning: PHP Warning:  Erroneous data format for unserializing 'obj'

So what this update really means is that you can no longer tamper with serialized data to instantiate an object without calling its constructor.

Answered 2019-03-18
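A screening check for the C:-to-O: manipulation this answer describes, as an added example that is not part of the original answer: it tokenizes a serialized string by its length prefixes and reports any class that appears behind an `O:` token although it implements `Serializable`. The function names are hypothetical, `obj` mirrors the answer's class, and on PHP 8.1+ declaring a `Serializable`-only class emits a deprecation notice.

```php
<?php
// Added example, not code from the answer. walk_value() and find_forced_objects()
// are hypothetical names; class obj mirrors the class used in the answer.
class obj implements Serializable {
    public $data = 'My private data';
    public function serialize() { return serialize($this->data); }
    public function unserialize($raw) { $this->data = $raw; }
}

// Advance $i past one serialized value, recording classes that sit behind an O:
// token although they implement Serializable (their genuine form is C:).
// class_exists(..., false) keeps payload-supplied names away from the autoloader.
// Unknown or malformed tokens throw, so the caller fails closed.
function walk_value($s, &$i, array &$hits) {
    if (preg_match('/\G(?:N;|[ibdRr]:[^;{}"]*;)/', $s, $m, 0, $i)) {
        $i += strlen($m[0]);                       // null, int, bool, float, reference
    } elseif (preg_match('/\Gs:(\d+):"/', $s, $m, 0, $i)) {
        $i += strlen($m[0]) + (int)$m[1] + 2;      // raw bytes plus the closing ";
    } elseif (preg_match('/\GC:\d+:"[^"]+":(\d+):\{/', $s, $m, 0, $i)) {
        $i += strlen($m[0]) + (int)$m[1] + 1;      // opaque body plus the closing }
    } elseif (preg_match('/\G(?:a|O:\d+:"([^"]+)"):(\d+):\{/', $s, $m, 0, $i)) {
        $i += strlen($m[0]);
        if ($m[1] !== '' && class_exists($m[1], false) && is_subclass_of($m[1], 'Serializable')) {
            $hits[$m[1]] = true;
        }
        for ($n = 2 * (int)$m[2]; $n > 0; $n--) {  // every entry is a key and a value
            walk_value($s, $i, $hits);
        }
        if (substr($s, $i, 1) !== '}') {
            throw new UnexpectedValueException("missing } at offset $i");
        }
        $i++;
    } else {
        throw new UnexpectedValueException("unparseable token at offset $i");
    }
}

function find_forced_objects($payload) {
    $i = 0;
    $hits = array();
    walk_value($payload, $i, $hits);
    if ($i !== strlen($payload)) {
        throw new UnexpectedValueException('trailing or truncated data');
    }
    return array_keys($hits);
}
// The answer's C: and O: payloads, then a constructed string that only contains the token.
var_dump(find_forced_objects('C:3:"obj":23:{s:15:"My private data";}'));
var_dump(find_forced_objects('O:3:"obj":1:{s:4:"data";s:15:"My private data";}'));
var_dump(find_forced_objects('s:14:"O:3:"obj":0:{}";'));
```

Treat an `UnexpectedValueException` the same as a hit and do not pass that payload to `unserialize()`.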