安全的反序列化,对带有双引号的内容进行发序列化,例如:编辑器

 

/**
 * 安全的反序列化
 *
 * @author 
 * @param string $serialized 被序列化的字符串
 * @return mixed
*/
function safe_unserialize($serialized) {
    $testreg = array();
    if (is_string($serialized) && in_array(substr($serialized, 0, 2), array('i:', 's:', 'a:', 'o:', 'd:'))) {
        return @unserialize($serialized);
    }
    return false;
}

/**
 * 兼容utf8编码反序列化
 *
 * @author 
 * @param string $serialized
 * @return array
*/
function utf8_unserialize($serialized){
    if(!is_string($serialized)){ return $serialized;}
    $serialized = preg_replace('!s:(\d+):"(.*?)";!se', '"s:".strlen("$2").":\"$2\";"', $serialized );
    $serialized = safe_unserialize($serialized);
    return $serialized;
}

 

你可能感兴趣的:(反序列化)