Unserialize and AutoLoad in PHP

$string = ' o:6: ' Foobar ': 2:{s:3: "foo"; s:1: "1"; S:3: "Bar"; s:1: "2";} '; $result = Unserialize ($string); Var_dump ($result); /* Object (__php_incomplete_class) [1] Public ' __php_incomplete_class_name ' = String ' Foobar ' (length=6) Public ' foo ' = String ' 1 ' (length=1) Public ' bar ' = = String ' 2 ' (length=1) */ ?> Copy Code When deserializing an object, if the object's class definition does not exist, then PHP will introduce an unfinished class concept, namely: __php_incomplete_class, although we are successful deserialization, but still cannot access the data in the object, otherwise the following error message will appear: the Script tried to execute a method or access a property of a incomplete object. Please ensure that the class definition of the the object is trying to operate on is loaded _before_ unserialize () gets Called or provide a __autoload () function to load the class definition. It's not a hard thing to do, just make a forced type conversion, and it becomes an array: $string = ' o:6: ' Foobar ': 2:{s:3: "foo"; s:1: "1"; S:3: "Bar"; s:1: "2";} '; $result = (array) unserialize ($string); Var_dump ($result); /* Array ' __php_incomplete_class_name ' = String ' Foobar ' (length=6) ' foo ' = String ' 1 ' (length=1) ' Bar ' = = String ' 2 ' (length=1) */ ?> Copy Code However, if the system activates the autoload, the situation becomes more complicated. By the way: PHP actually provides a configuration option named Unserialize_callback_func, but the meaning and autoload almost, here is not introduced, we say autoload, examples are as follows: Spl_autoload_register (function ($name) { Var_dump ($name); })； $string = ' o:6: ' Foobar ': 2:{s:3: "foo"; s:1: "1"; S:3: "Bar"; s:1: "2";} '; $result = (array) unserialize ($string); Var_dump ($result); ?> Copy Code Execution of the above code will find that Spl_autoload_register is triggered, most of the time this is meaningful, but if you encounter a poorly defined spl_autoload_register, such as the following code: Spl_autoload_register (function ($name) { Include "/path/to/{$name}.php"; })； $string = ' o:6: ' Foobar ': 2:{s:3: "foo"; s:1: "1"; S:3: "Bar"; s:1: "2";} '; $result = (array) unserialize ($string); Var_dump ($result); ?> Copy Code No doubt, because the class definition file is not found, so the error! Change Spl_autoload_register sure line, but the premise is you can change, if involved in third-party code, we can not take the liberty of the decision, at this time we need a way to let Unserialize to bypass AutoLoad, The simplest way is to fake the classes we need: Spl_autoload_register (function ($name) { Include "/path/to/{$name}.php"; })； Class Foobar {}//Oh, shit! $string = ' o:6: ' Foobar ': 2:{s:3: "foo"; s:1: "1"; S:3: "Bar"; s:1: "2";} '; $result = (array) unserialize ($string); Var_dump ($result); ?> Copy Code I have to say, the above code is really rubbish. To provide you with one person I wrote: Spl_autoload_register (function ($name) { Include "/path/to/{$name}.php"; })； $string = ' o:6: ' Foobar ': 2:{s:3: "foo"; s:1: "1"; S:3: "Bar"; s:1: "2";} '; $functions = Spl_autoload_functions (); foreach ($functions as $function) { Spl_autoload_unregister ($function); } $result = (array) unserialize ($string); foreach ($functions as $function) { Spl_autoload_register ($function); } Var_dump ($result); ?> Copy Code Although the code is a little bit more, but at least there is no fake class, it is more comfortable.

