sigmasternchen/php-doc-en
1
0
Fork 0
mirror of https://github.com/sigmasternchen/php-doc-en synced 2025-03-15 16:38:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
php-doc-en/reference/igbinary/functions/igbinary-unserialize.xml
Tyson Andre aa19c140e6
Document the igbinary extension 
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>

Closes GH-888.
2021-09-03 15:52:16 +02:00

149 lines
5.5 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="utf-8"?>
<refentry xml:id="function.igbinary-unserialize" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
<refnamediv>
<refname>igbinary_unserialize</refname>
<refpurpose>
Creates a PHP value from a stored representation from <function>igbinary_serialize</function>
</refpurpose>
</refnamediv>
<refsect1 role="description">
&reftitle.description;
<methodsynopsis>
<type>mixed</type><methodname>igbinary_unserialize</methodname>
<methodparam><type>string</type><parameter>str</parameter></methodparam>
</methodsynopsis>
<simpara>
<function>igbinary_unserialize</function> takes a single serialized variable from
<function>igbinary_serialize</function> and converts it back into a PHP value.
</simpara>
<warning>
<para>
Untrusted user input must not be passed to <function>igbinary_unserialize</function>.
Unserialization can result in code being loaded and executed due to object
instantiation and autoloading, and a malicious user may be able to exploit
this. Instead a safe, standard data interchange format such as JSON (via
<function>json_decode</function> and <function>json_encode</function>) should be used,
if serialized data needs to be passed to a client.
</para>
<para>
If there is the need to unserialize externally-stored serialized data,
<function>hash_hmac</function> can be used for data validation.
It is important to ensure that nobody has tampered with the data.
</para>
</warning>
<warning>
<para>
The igbinary serialization format does not provide a way to distinguish between different reference
groups for the same value. All PHP references to a given value as treated as part
of the same reference group when unserialized,
even if they were parts of difference reference groups when serialized.
</para>
</warning>
</refsect1>
<refsect1 role="parameters">
&reftitle.parameters;
<variablelist>
<varlistentry>
<term><parameter>str</parameter></term>
<listitem>
<para>
The serialized string generated by <function>igbinary_serialize</function>.
</para>
<para>
If the value being unserialized is an &object;, after successfully
reconstructing the object igbinary will automatically attempt to call the
<link linkend="object.unserialize">__unserialize()</link> or
<link linkend="object.wakeup">__wakeup()</link> methods (if one exists).
</para>
<para>
<note>
<title>unserialize_callback_func directive</title>
<para>
It is possible to set a callback function which will be called,
if an undefined class should be instantiated during unserializing.
(to prevent getting an incomplete <type>object</type> <literal>__PHP_Incomplete_Class</literal>.)
The &php.ini;, <function>ini_set</function> or &htaccess; can be used
to define <link linkend="ini.unserialize-callback-func">unserialize_callback_func</link>.
Everytime an undefined class should be instantiated, it will be called.
To disable this feature this setting should be emptied.
</para>
</note>
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 role="returnvalues">
&reftitle.returnvalues;
<para>
The converted value is returned, and can be a <type>bool</type>,
<type>int</type>, <type>float</type>, <type>string</type>,
<type>array</type>, <type>object</type>, or <type>null</type>.
</para>
<para>
In case the passed string is not unserializeable, &false; is returned and
<constant>E_NOTICE</constant> or <constant>E_WARNING</constant> is issued.
</para>
</refsect1>
<refsect1 role="errors">
&reftitle.errors;
<para>
Objects may throw <classname>Throwable</classname>s in their unserialization handlers.
</para>
</refsect1>
<refsect1 role="notes">
&reftitle.notes;
<warning>
<para>
&null; or &false; is returned both in the case of an error and if unserializing
the serialized &null; or &false; value. It is possible to catch this special case by
comparing <parameter>str</parameter> with
<code>igbinary_serialize(null)</code> or <code>igbinary_serialize(false)</code>
or by catching the issued <constant>E_NOTICE</constant>.
</para>
</warning>
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>
<simplelist>
<member><function>unserialize</function></member>
<member><function>json_encode</function></member>
<member><function>json_decode</function></member>
<member><function>hash_hmac</function></member>
<member><function>igbinary_serialize</function></member>
<member><link linkend="language.oop5.autoload">Autoloading Classes</link></member>
<member><link linkend="ini.unserialize-callback-func">unserialize_callback_func</link></member>
<member><link linkend="object.wakeup">__wakeup()</link></member>
<member><link linkend="object.serialize">__serialize()</link></member>
<member><link linkend="object.unserialize">__unserialize()</link></member>
</simplelist>
</para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->
Reference in a new issue View git blame Copy permalink