mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
adb45a63c0
* Emit deprecation warnings when adding dynamic properties to classes during unserialization - this will become an Error in php 9.0. (Adding dynamic properties in other contexts was already a deprecation warning - the use case of unserialization was overlooked) * Throw an error when attempting to add a dynamic property to a `readonly` class when unserializing * Add new serialization methods `__serialize`/`__unserialize` for SplFixedArray to avoid creating deprecated dynamic properties that would then be added to the backing fixed-size array * Don't add named dynamic/declared properties (e.g. $obj->foo) of SplFixedArray to the backing array when unserializing * Update tests to declare properties or to expect the deprecation warning * Add news entry Co-authored-by: Tyson Andre <tysonandre775@hotmail.com>
17 lines
316 B
PHP
17 lines
316 B
PHP
--TEST--
|
|
Fix GH-9186 Readonly classes can have dynamic properties created by unserialize()
|
|
--FILE--
|
|
<?php
|
|
|
|
readonly class C {}
|
|
|
|
try {
|
|
$readonly = unserialize('O:1:"C":1:{s:1:"x";b:1;}');
|
|
} catch (Error $exception) {
|
|
echo $exception->getMessage() . "\n";
|
|
}
|
|
|
|
?>
|
|
--EXPECT--
|
|
Cannot create dynamic property C::$x
|