Chris@18: = 70000) {
          // NOTE(review): the head of this condition is cut off in this listing; only
          // "= 70000) {" survives. It is presumably a PHP-version check (TODO confirm
          // against the full file). When it holds, the call is delegated unchanged to
          // the native unserialize() together with $options.
Chris@18:             return \unserialize($serialized, $options);
Chris@18:         }
          // Fallback path: everything below emulates the 'allowed_classes' option in
          // userland by rewriting the serialized text before it is unserialized.
          //
          // A missing 'allowed_classes' key is treated as true, and true means the
          // payload goes to unserialize() untouched, so no class filtering happens at
          // all. Callers that handle untrusted data have to pass the option explicitly.
Chris@18:         if (!array_key_exists('allowed_classes', $options)) {
Chris@18:             $options['allowed_classes'] = true;
Chris@18:         }
Chris@18:         $allowedClasses = $options['allowed_classes'];
Chris@18:         if (true === $allowedClasses) {
Chris@18:             return \unserialize($serialized);
Chris@18:         }
          // false is normalised to an empty allow-list: no class name is accepted.
Chris@18:         if (false === $allowedClasses) {
Chris@18:             $allowedClasses = array();
Chris@18:         }
          // Any other non-array value raises E_USER_WARNING and is also replaced by an
          // empty allow-list, so a malformed option fails closed rather than open.
Chris@18:         if (!is_array($allowedClasses)) {
Chris@18:             trigger_error(
Chris@18:                 'unserialize(): allowed_classes option should be array or boolean',
Chris@18:                 E_USER_WARNING
Chris@18:             );
Chris@18:             $allowedClasses = array();
Chris@18:         }
Chris@18:
          // The pattern matches an object header `O:<len>:"<name>":<count>:{` at the
          // start of the input or directly after a ';'. Capture 1 is that left border,
          // capture 2 the class name, capture 3 the property count.
          //
          // NOTE(review): this is a text rewrite, not a parse of the serialization
          // format. Only this exact `O:` spelling is rewritten; any other object
          // encoding the running unserialize() accepts (the `C:` form of Serializable
          // classes, for one) reaches unserialize() unfiltered. The pattern also cannot
          // tell a real header from the same bytes inside a string value, where a
          // rewrite changes the byte length without updating the `s:<len>` prefix.
          // Confirm coverage before relying on this path for untrusted input.
Chris@18:         $sanitizedSerialized = preg_replace_callback(
Chris@18:             '/(^|;)O:\d+:"([^"]*)":(\d+):{/',
Chris@18:             function ($match) use ($allowedClasses) {
Chris@18:                 list($completeMatch, $leftBorder, $className, $objectSize) = $match;
                          // Allow-listed names are returned unchanged.
                          // NOTE(review): in_array() is called without its strict flag, so
                          // membership uses loose ==; a non-string entry such as true would
                          // match every class name. Passing true as the third argument
                          // closes that. The string comparison is case-sensitive while PHP
                          // resolves class names case-insensitively, so an allow-listed
                          // class spelled in a different case is replaced, not allowed.
Chris@18:                 if (in_array($className, $allowedClasses)) {
Chris@18:                     return $completeMatch;
Chris@18:                 } else {
                              // Rewrite the header to __PHP_Incomplete_Class and prepend one
                              // string property, __PHP_Incomplete_Class_Name, whose value is
                              // the original class name; the property count is raised by one
                              // to account for it. The original properties follow unchanged.
Chris@18:                     return sprintf(
Chris@18:                         '%sO:22:"__PHP_Incomplete_Class":%d:{s:27:"__PHP_Incomplete_Class_Name";%s',
Chris@18:                         $leftBorder,
Chris@18:                         $objectSize + 1, // size of object + 1 for added string
Chris@18:                         \serialize($className)
Chris@18:                     );
Chris@18:                 }
Chris@18:             },
Chris@18:             $serialized
Chris@18:         );
Chris@18:
          // NOTE(review): preg_replace_callback() returns null when PCRE fails (for
          // example on a very large input); that result is passed on unchecked, so a
          // regex failure is not distinguishable here from an invalid payload.
Chris@18:         return \unserialize($sanitizedSerialized);
Chris@18:     }
Chris@18: }