reference/var/functions/unserialize.xml
443d81b33e6537a000cc235c2a11748ba8d56232
@@ -12,8 +12,8 @@
12
12
&reftitle.description;
13
13
<methodsynopsis>
14
14
<type>mixed</type><methodname>unserialize</methodname>
15
-
<methodparam><type>string</type><parameter>str</parameter></methodparam>
16
-
<methodparam choice="opt"><type>array</type><parameter>options</parameter></methodparam>
15
+
<methodparam><type>string</type><parameter>data</parameter></methodparam>
16
+
<methodparam choice="opt"><type>array</type><parameter>options</parameter><initializer>[]</initializer></methodparam>
17
17
</methodsynopsis>
18
18
<simpara>
19
19
<function>unserialize</function> takes a single serialized variable and
@@ -42,7 +42,7 @@
42
42
<para>
43
43
<variablelist>
44
44
<varlistentry>
45
-
<term><parameter>str</parameter></term>
45
+
<term><parameter>data</parameter></term>
46
46
<listitem>
47
47
<para>
48
48
The serialized string.
@@ -104,6 +104,18 @@
104
104
</simpara>
105
105
</entry>
106
106
</row>
107
+
<row>
108
+
<entry><literal>max_depth</literal></entry>
109
+
<entry><type>int</type></entry>
110
+
<entry>
111
+
<simpara>
112
+
The maximum depth of structures permitted during unserialization,
113
+
and is intended to prevent stack overflows. The default depth limit
114
+
is <literal>4096</literal> and can be disabled by setting
115
+
<literal>max_depth</literal> to <literal>0</literal>.
116
+
</simpara>
117
+
</entry>
118
+
</row>
107
119
</tbody>
108
120
</tgroup>
109
121
</table>
@@ -116,13 +128,20 @@
116
128
<refsect1 role="returnvalues">
117
129
&reftitle.returnvalues;
118
130
<para>
119
-
The converted value is returned, and can be a <type>boolean</type>,
120
-
<type>integer</type>, <type>float</type>, <type>string</type>,
131
+
The converted value is returned, and can be a <type>bool</type>,
132
+
<type>int</type>, <type>float</type>, <type>string</type>,
121
133
<type>array</type> or <type>object</type>.
122
134
</para>
123
135
<para>
124
136
In case the passed string is not unserializeable, &false; is returned and
125
-
<constant>E_NOTICE</constant> is issued.
137
+
<constant>E_WARNING</constant> is issued.
138
+
</para>
139
+
</refsect1>
140
+

141
+
<refsect1 role="errors">
142
+
&reftitle.errors;
143
+
<para>
144
+
Objects may throw <classname>Throwable</classname>s in their unserialization handlers.
126
145
</para>
127
146
</refsect1>
128
147

@@ -139,27 +158,27 @@
139
158
</thead>
140
159
<tbody>
141
160
<row>
142
-
<entry>7.1.0</entry>
161
+
<entry>8.3.0</entry>
143
162
<entry>
144
-
The <literal>allowed_classes</literal> element of
145
-
<parameter>options</parameter>) is now strictly typed, i.e. if anything
146
-
other than an <type>array</type> or a <type>boolean</type> is given,
147
-
<function>unserialize</function> returns &false; and issues an
148
-
<constant>E_WARNING</constant>.
163
+
Now emits <constant>E_WARNING</constant> when the passed string is not unserializeable;
164
+
previously <constant>E_NOTICE</constant> was emitted.
149
165
</entry>
150
166
</row>
151
167
<row>
152
-
<entry>7.0.0</entry>
168
+
<entry>7.4.0</entry>
153
169
<entry>
154
-
The <parameter>options</parameter> parameter has been added.
170
+
Added the <literal>max_depth</literal> element of
171
+
<parameter>options</parameter> to set the maximum depth of structures permitted during unserialization.
155
172
</entry>
156
173
</row>
157
174
<row>
158
-
<entry>5.6.0</entry>
175
+
<entry>7.1.0</entry>
159
176
<entry>
160
-
Manipulating the serialised data by replacing <literal>C:</literal>
161
-
with <literal>O:</literal> to force object instantiation without
162
-
calling the constructor will now fail.
177
+
The <literal>allowed_classes</literal> element of
178
+
<parameter>options</parameter>) is now strictly typed, i.e. if anything
179
+
other than an <type>array</type> or a <type>bool</type> is given,
180
+
<function>unserialize</function> returns &false; and issues an
181
+
<constant>E_WARNING</constant>.
163
182
</entry>
164
183
</row>
165
184
</tbody>
@@ -227,7 +246,7 @@ function mycallback($classname)
227
246
<para>
228
247
&false; is returned both in the case of an error and if unserializing
229
248
the serialized &false; value. It is possible to catch this special case by
230
-
comparing <parameter>str</parameter> with
249
+
comparing <parameter>data</parameter> with
231
250
<literal>serialize(false)</literal> or by catching the issued
232
251
<constant>E_NOTICE</constant>.
233
252
</para>
@@ -244,6 +263,7 @@ function mycallback($classname)
244
263
<member><function>serialize</function></member>
245
264
<member><link linkend="language.oop5.autoload">Autoloading Classes</link></member>
246
265
<member><link linkend="ini.unserialize-callback-func">unserialize_callback_func</link></member>
266
+
<member><link linkend="ini.unserialize-max-depth">unserialize_max_depth</link></member>
247
267
<member><link linkend="object.wakeup">__wakeup()</link></member>
248
268
<member><link linkend="object.serialize">__serialize()</link></member>
249
269
<member><link linkend="object.unserialize">__unserialize()</link></member>
@@ -252,7 +272,6 @@ function mycallback($classname)
252
272
</refsect1>
253
273

254
274
</refentry>
255
-

256
275
<!-- Keep this comment at the end of the file
257
276
Local variables:
258
277
mode: sgml
259
278