Created
October 23, 2009 18:25
PHP is_serialized() function.
<?php
/**
 * This program is free software. It comes without any warranty, to
 * the extent permitted by applicable law. You can redistribute it
 * and/or modify it under the terms of the Do What The Fuck You Want
 * To Public License, Version 2, as published by Sam Hocevar. See
 * http://sam.zoy.org/wtfpl/COPYING for more details.
 */
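/**
 * Tests if an input is a valid PHP serialized string.
 *
 * Checks if a string is serialized using quick string manipulation
 * to throw out obviously incorrect strings. unserialize() is then run
 * on the string to perform the final verification.
 *
 * Security note: despite the predicate-style name, this function really
 * deserializes $value. unserialize() instantiates any class named in the
 * payload and runs its magic methods (__wakeup(), __unserialize(), and
 * later __destruct()), so passing data from an untrusted source exposes
 * the application to PHP object injection. Only call it on data the
 * application serialized itself, or on data whose integrity has been
 * verified (for example with an HMAC) beforehand.
 *
 * Valid serialized forms are the following:
 * <ul>
 * <li>boolean: <code>b:1;</code></li>
 * <li>integer: <code>i:1;</code></li>
 * <li>double: <code>d:0.2;</code></li>
 * <li>string: <code>s:4:"test";</code></li>
 * <li>array: <code>a:3:{i:0;i:1;i:1;i:2;i:2;i:3;}</code></li>
 * <li>object: <code>O:8:"stdClass":0:{}</code></li>
 * <li>null: <code>N;</code></li>
 * </ul>
 *
 * @author Chris Smith <[email protected]>
 * @copyright Copyright (c) 2009 Chris Smith (http://www.cs278.org/)
 * @license http://sam.zoy.org/wtfpl/ WTFPL
 * @param string $value Value to test for serialized form
 * @param mixed $result Passed by reference. Receives the unserialize()d
 *                      value on success and null when unserialize()
 *                      rejects the string; it is left untouched when the
 *                      quick pre-checks already reject $value.
 * @return boolean True if $value is serialized data, otherwise false
 */
function is_serialized($value, &$result = null)
{
    // Only strings can hold serialized data.
    if (!is_string($value))
    {
        return false;
    }

    // unserialize() returns false both for malformed input and for a
    // serialized boolean false, so that one payload is handled up front.
    if ($value === 'b:0;')
    {
        $result = false;
        return true;
    }

    $length = strlen($value);

    // The shortest serialized form is 'N;'. Rejecting shorter input here
    // keeps every string offset read below inside the string.
    if ($length < 2)
    {
        return false;
    }

    $type = $value[0];

    // Scalars and null end with ';', arrays and objects end with '}'.
    switch ($type)
    {
        case 'N':
        case 'b':
        case 'i':
        case 'd':
        case 's':
            $terminator = ';';
            break;

        case 'a':
        case 'O':
            $terminator = '}';
            break;

        default:
            return false;
    }

    if ($value[$length - 1] !== $terminator)
    {
        return false;
    }

    if ($type !== 'N')
    {
        // Every form other than 'N;' is "<type>:<payload>" and at least
        // four bytes long (e.g. 'b:1;').
        if ($length < 4 || $value[1] !== ':')
        {
            return false;
        }

        // A serialized string always closes its quote right before ';'.
        if ($type === 's' && $value[$length - 2] !== '"')
        {
            return false;
        }

        // The byte after the colon is checked with a strict per-byte
        // lookup. A loose switch against the integers 0-9 matches any
        // non-numeric byte on PHP 7 and rejects '-' on PHP 8, so the
        // lookup also lists the non-digit bytes serialize() can emit
        // there: '-' for negative numbers, 'I'/'N' for INF and NAN.
        $allowed = '0123456789';

        if ($type === 'i')
        {
            $allowed .= '-';
        }
        else if ($type === 'd')
        {
            $allowed .= '-IN';
        }

        if (strpos($allowed, $value[2]) === false)
        {
            return false;
        }
    }

    // NOTE(security): this is a full deserialization, not a syntax check.
    // Object payloads are instantiated and their magic methods run; do not
    // feed this untrusted input. The allowed_classes option of
    // unserialize() (PHP >= 7.0) is deliberately not applied here because
    // it would change what callers receive in $result for object payloads;
    // callers that never expect objects should restrict classes themselves.
    //
    // The @ is intentional: unserialize() raises a notice/warning for
    // malformed input, and malformed input is an expected "no" answer here.
    if (($result = @unserialize($value)) === false)
    {
        $result = null;
        return false;
    }

    return true;
}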
nice work!
Neat function.
Unit tests? :-)
thanks, nice work dude
Thanks 🐱 🥇
Just added || empty($value)
after is_string
:)
Thanks !
Working Great
thanks
Since WordPress uses serialization checks a lot, here's how WordPress handles it:
https://github.com/WordPress/wordpress-develop/blob/5.9/src/wp-includes/functions.php#L660-L716
great work ... testing it