reference/var/functions/unserialize.xml
443d81b33e6537a000cc235c2a11748ba8d56232
443d81b33e6537a000cc235c2a11748ba8d56232
...
...
@@ -12,8 +12,8 @@
12
12
&reftitle.description;
13
13
<methodsynopsis>
14
14
<type>mixed</type><methodname>unserialize</methodname>
15
-
<methodparam><type>string</type><parameter>str</parameter></methodparam>
16
-
<methodparam choice="opt"><type>array</type><parameter>options</parameter></methodparam>
15
+
<methodparam><type>string</type><parameter>data</parameter></methodparam>
16
+
<methodparam choice="opt"><type>array</type><parameter>options</parameter><initializer>[]</initializer></methodparam>
17
17
</methodsynopsis>
18
18
<simpara>
19
19
<function>unserialize</function> takes a single serialized variable and
...
...
@@ -42,7 +42,7 @@
42
42
<para>
43
43
<variablelist>
44
44
<varlistentry>
45
-
<term><parameter>str</parameter></term>
45
+
<term><parameter>data</parameter></term>
46
46
<listitem>
47
47
<para>
48
48
The serialized string.
...
...
@@ -50,8 +50,7 @@
50
50
<para>
51
51
If the variable being unserialized is an object, after successfully
52
52
reconstructing the object PHP will automatically attempt to call the
53
-
<link linkend="object.wakeup">__wakeup()</link> member
54
-
function (if it exists).
53
+
<link linkend="object.unserialize">__unserialize()</link> or <link linkend="object.wakeup">__wakeup()</link> methods (if one exists).
55
54
</para>
56
55
<para>
57
56
<note>
...
...
@@ -105,6 +104,18 @@
105
104
</simpara>
106
105
</entry>
107
106
</row>
107
+
<row>
108
+
<entry><literal>max_depth</literal></entry>
109
+
<entry><type>int</type></entry>
110
+
<entry>
111
+
<simpara>
112
+
The maximum depth of structures permitted during unserialization,
113
+
and is intended to prevent stack overflows. The default depth limit
114
+
is <literal>4096</literal> and can be disabled by setting
115
+
<literal>max_depth</literal> to <literal>0</literal>.
116
+
</simpara>
117
+
</entry>
118
+
</row>
108
119
</tbody>
109
120
</tgroup>
110
121
</table>
...
...
@@ -117,13 +128,20 @@
117
128
<refsect1 role="returnvalues">
118
129
&reftitle.returnvalues;
119
130
<para>
120
-
The converted value is returned, and can be a <type>boolean</type>,
121
-
<type>integer</type>, <type>float</type>, <type>string</type>,
131
+
The converted value is returned, and can be a <type>bool</type>,
132
+
<type>int</type>, <type>float</type>, <type>string</type>,
122
133
<type>array</type> or <type>object</type>.
123
134
</para>
124
135
<para>
125
136
In case the passed string is not unserializeable, &false; is returned and
126
-
<constant>E_NOTICE</constant> is issued.
137
+
<constant>E_WARNING</constant> is issued.
138
+
</para>
139
+
</refsect1>
140
+
141
+
<refsect1 role="errors">
142
+
&reftitle.errors;
143
+
<para>
144
+
Objects may throw <classname>Throwable</classname>s in their unserialization handlers.
127
145
</para>
128
146
</refsect1>
129
147
...
...
@@ -140,27 +158,27 @@
140
158
</thead>
141
159
<tbody>
142
160
<row>
143
-
<entry>7.1.0</entry>
161
+
<entry>8.3.0</entry>
144
162
<entry>
145
-
The <literal>allowed_classes</literal> element of
146
-
<parameter>options</parameter>) is now strictly typed, i.e. if anything
147
-
other than an <type>array</type> or a <type>boolean</type> is given,
148
-
<function>unserialize</function> returns &false; and issues an
149
-
<constant>E_WARNING</constant>.
163
+
Now emits <constant>E_WARNING</constant> when the passed string is not unserializeable;
164
+
previously <constant>E_NOTICE</constant> was emitted.
150
165
</entry>
151
166
</row>
152
167
<row>
153
-
<entry>7.0.0</entry>
168
+
<entry>7.4.0</entry>
154
169
<entry>
155
-
The <parameter>options</parameter> parameter has been added.
170
+
Added the <literal>max_depth</literal> element of
171
+
<parameter>options</parameter> to set the maximum depth of structures permitted during unserialization.
156
172
</entry>
157
173
</row>
158
174
<row>
159
-
<entry>5.6.0</entry>
175
+
<entry>7.1.0</entry>
160
176
<entry>
161
-
Manipulating the serialised data by replacing <literal>C:</literal>
162
-
with <literal>O:</literal> to force object instantiation without
163
-
calling the constructor will now fail.
177
+
The <literal>allowed_classes</literal> element of
178
+
<parameter>options</parameter>) is now strictly typed, i.e. if anything
179
+
other than an <type>array</type> or a <type>bool</type> is given,
180
+
<function>unserialize</function> returns &false; and issues an
181
+
<constant>E_WARNING</constant>.
164
182
</entry>
165
183
</row>
166
184
</tbody>
...
...
@@ -212,8 +230,8 @@ ini_set('unserialize_callback_func', 'mycallback'); // set your callback_functio
212
230
213
231
function mycallback($classname)
214
232
{
215
-
// just include a file containing your classdefinition
216
-
// you get $classname to figure out which classdefinition is required
233
+
// just include a file containing your class definition
234
+
// you get $classname to figure out which class definition is required
217
235
}
218
236
?>
219
237
]]>
...
...
@@ -228,7 +246,7 @@ function mycallback($classname)
228
246
<para>
229
247
&false; is returned both in the case of an error and if unserializing
230
248
the serialized &false; value. It is possible to catch this special case by
231
-
comparing <parameter>str</parameter> with
249
+
comparing <parameter>data</parameter> with
232
250
<literal>serialize(false)</literal> or by catching the issued
233
251
<constant>E_NOTICE</constant>.
234
252
</para>
...
...
@@ -245,13 +263,15 @@ function mycallback($classname)
245
263
<member><function>serialize</function></member>
246
264
<member><link linkend="language.oop5.autoload">Autoloading Classes</link></member>
247
265
<member><link linkend="ini.unserialize-callback-func">unserialize_callback_func</link></member>
266
+
<member><link linkend="ini.unserialize-max-depth">unserialize_max_depth</link></member>
248
267
<member><link linkend="object.wakeup">__wakeup()</link></member>
268
+
<member><link linkend="object.serialize">__serialize()</link></member>
269
+
<member><link linkend="object.unserialize">__unserialize()</link></member>
249
270
</simplelist>
250
271
</para>
251
272
</refsect1>
252
273
253
274
</refentry>
254
-
255
275
<!-- Keep this comment at the end of the file
256
276
Local variables:
257
277
mode: sgml
258
278