Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nokitakaze/php-serializer
Library for serializing data of any complexity
https://github.com/nokitakaze/php-serializer
Last synced: about 1 month ago
JSON representation
Library for serializing data of any complexity
- Host: GitHub
- URL: https://github.com/nokitakaze/php-serializer
- Owner: nokitakaze
- License: apache-2.0
- Created: 2018-02-14T12:54:27.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2018-02-14T16:43:04.000Z (almost 7 years ago)
- Last Synced: 2024-05-05T20:21:43.265Z (8 months ago)
- Language: PHP
- Homepage:
- Size: 13.7 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Safe (un-)serialization of any data
[Remote code execution via PHP unserialize](https://www.notsosecure.com/remote-code-execution-via-php-unserialize/).
[Official documentation](http://php.net/manual/en/function.unserialize.php) says
> DO NOT pass untrusted user input to unserialize() regardless of the options value of allowed_classes. Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this
But JSON does not implement data as PHP does. I.e. JSON does not support `[1=>2,3=>4,"a"=>5,"and"=>"so"]`.
## Current status
### General
[](http://travis-ci.org/nokitakaze/php-serializer)
[](https://scrutinizer-ci.com/g/nokitakaze/php-serializer/)
## Usage
At first
```bash
composer require nokitakaze/serializer
```
And then
```php
require_once 'vendor/autoload.php';
$text = NokitaKaze\Serializer\Serializer::serialize($data);
$data = NokitaKaze\Serializer\Serializer::unserialize($text, $is_valid);
```