Every PHP programmer knows about unserialize and autoload, but when it comes to the relationship between the two, I'm afraid not many people are sure.
For example, suppose we receive serialized data from a third party but have no corresponding class definition. The code is as follows:
<?php
$string = 'O:6:"Foobar":2:{s:3:"foo";s:1:"1";s:3:"bar";s:1:"2";}';
$result = unserialize($string);
var_dump($result);
/*
object(__PHP_Incomplete_Class)[1]
  public '__PHP_Incomplete_Class_Name' => string 'Foobar' (length=6)
  public 'foo' => string '1' (length=1)
  public 'bar' => string '2' (length=1)
*/
?>
When we deserialize an object whose class definition does not exist, PHP introduces the concept of an incomplete class, namely __PHP_Incomplete_Class. At this point, although deserialization has succeeded, we still cannot access the data in the object; if we try, the following error message appears:
The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition.
This is not a difficult problem: just cast the result to an array and it will be OK:
<?php
$string = 'O:6:"Foobar":2:{s:3:"foo";s:1:"1";s:3:"bar";s:1:"2";}';
$result = (array) unserialize($string);
var_dump($result);
/*
array
  '__PHP_Incomplete_Class_Name' => string 'Foobar' (length=6)
  'foo' => string '1' (length=1)
  'bar' => string '2' (length=1)
*/
?>
But if the system has autoload enabled, the situation becomes more complicated. By the way, PHP also provides a configuration option named unserialize_callback_func, but its meaning is almost the same as autoload, so it is not covered here and we will only talk about autoload. An example follows:
<?php
spl_autoload_register(function ($name) {
    // Prints the class name taken from the serialized string
    var_dump($name);
});
$string = 'O:6:"Foobar":2:{s:3:"foo";s:1:"1";s:3:"bar";s:1:"2";}';
$result = (array) unserialize($string);
var_dump($result);
?>
Executing the above code, you will find that the callback registered with spl_autoload_register is triggered. Most of the time this makes sense, but if you run into a poorly written autoloader, it gets sad, as in the following code:
<?php
spl_autoload_register(function ($name) {
    // No existence check: include emits a warning when /path/to/Foobar.php is missing
    include "/path/to/{$name}.php";
});
$string = 'O:6:"Foobar":2:{s:3:"foo";s:1:"1";s:3:"bar";s:1:"2";}';
$result = (array) unserialize($string);
var_dump($result);
?>
<?php
spl_autoload_register(function ($name) {
    include "/path/to/{$name}.php";
});
// Fake class, defined so that the autoloader is not triggered for Foobar
class Foobar {} // Oh, shit!
$string = 'O:6:"Foobar":2:{s:3:"foo";s:1:"1";s:3:"bar";s:1:"2";}';
$result = (array) unserialize($string);
var_dump($result);
?>
I have to say that the code above is really a piece of crap! What's the best way to do it? I have roughly written an implementation:
<?php
spl_autoload_register(function ($name) {
    include "/path/to/{$name}.php";
});
$string = 'O:6:"Foobar":2:{s:3:"foo";s:1:"1";s:3:"bar";s:1:"2";}';
// Remember the registered autoloaders, then unregister all of them
$functions = spl_autoload_functions();
foreach ($functions as $function) {
    spl_autoload_unregister($function);
}
// No autoloader is active here, so the result is an incomplete class
$result = (array) unserialize($string);
// Restore the autoloaders in their original order
foreach ($functions as $function) {
    spl_autoload_register($function);
}
var_dump($result);
?>
The code is a bit longer, but at least there is no fake class, so it looks more comfortable.
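The comparison below is an added example, not code from the original article: it records which class names reach the autoloader for a plain unserialize() call, for the unregister/re-register approach above, and for the allowed_classes option that unserialize() accepts since PHP 7.0, which goes beyond what the article covers. The names $seen and unserialize_without_autoload() are made up for the example, and the serialized string is constructed sample data.

```php
<?php
// Class names the autoloader was asked for (recording loader, demo only).
$seen = [];
spl_autoload_register(function ($name) use (&$seen) {
    $seen[] = $name; // a real loader would map $name to a file here
});

// Constructed sample data, same shape as the article's string.
$string = 'O:6:"Foobar":2:{s:3:"foo";s:1:"1";s:3:"bar";s:1:"2";}';

// Hypothetical helper: the article's unregister/re-register approach, with
// try/finally so the loaders are restored even if unserialize() throws.
function unserialize_without_autoload(string $data)
{
    $loaders = spl_autoload_functions() ?: [];
    foreach ($loaders as $loader) {
        spl_autoload_unregister($loader);
    }
    try {
        return unserialize($data);
    } finally {
        foreach ($loaders as $loader) {
            spl_autoload_register($loader);
        }
    }
}

// 1. Plain unserialize(): the class name from the data reaches the autoloader.
$a = (array) unserialize($string);
$afterPlain = $seen;

// 2. Article's approach: autoloaders are temporarily removed.
$seen = [];
$b = (array) unserialize_without_autoload($string);
$afterUnregister = $seen;

// 3. allowed_classes => false: every object becomes __PHP_Incomplete_Class
//    and no class lookup is attempted for the name in the data.
$seen = [];
$c = (array) unserialize($string, ['allowed_classes' => false]);
$afterOption = $seen;

// Autoloader calls recorded in each of the three cases.
var_dump($afterPlain, $afterUnregister, $afterOption);
// Approaches 2 and 3 produce the same array; the data stays readable.
var_dump($b == $c, $c['__PHP_Incomplete_Class_Name'], $c['foo'], $c['bar']);
```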