Chris@5: = 70000) { Chris@5: return \unserialize($serialized, $options); Chris@5: } Chris@5: if (!array_key_exists('allowed_classes', $options)) { Chris@5: $options['allowed_classes'] = true; Chris@5: } Chris@5: $allowedClasses = $options['allowed_classes']; Chris@5: if (true === $allowedClasses) { Chris@5: return \unserialize($serialized); Chris@5: } Chris@5: if (false === $allowedClasses) { Chris@5: $allowedClasses = array(); Chris@5: } Chris@5: if (!is_array($allowedClasses)) { Chris@5: trigger_error( Chris@5: 'unserialize(): allowed_classes option should be array or boolean', Chris@5: E_USER_WARNING Chris@5: ); Chris@5: $allowedClasses = array(); Chris@5: } Chris@5: Chris@5: $sanitizedSerialized = preg_replace_callback( Chris@5: '/(^|;)O:\d+:"([^"]*)":(\d+):{/', Chris@5: function ($match) use ($allowedClasses) { Chris@5: list($completeMatch, $leftBorder, $className, $objectSize) = $match; Chris@5: if (in_array($className, $allowedClasses)) { Chris@5: return $completeMatch; Chris@5: } else { Chris@5: return sprintf( Chris@5: '%sO:22:"__PHP_Incomplete_Class":%d:{s:27:"__PHP_Incomplete_Class_Name";%s', Chris@5: $leftBorder, Chris@5: $objectSize + 1, // size of object + 1 for added string Chris@5: \serialize($className) Chris@5: ); Chris@5: } Chris@5: }, Chris@5: $serialized Chris@5: ); Chris@5: Chris@5: return \unserialize($sanitizedSerialized); Chris@5: } Chris@5: }