-
-
Save bueltge/1415653 to your computer and use it in GitHub Desktop.
PHP is_serialized() function.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/** | |
* This program is free software. It comes without any warranty, to | |
* the extent permitted by applicable law. You can redistribute it | |
* and/or modify it under the terms of the Do What The Fuck You Want | |
* To Public License, Version 2, as published by Sam Hocevar. See | |
* http://sam.zoy.org/wtfpl/COPYING for more details. | |
*/ | |
/** | |
* Thanks to Chris for great solution, i have add only small changes | |
*/ | |
/** | |
* Tests if an input is valid PHP serialized string. | |
* | |
* Checks if a string is serialized using quick string manipulation | |
* to throw out obviously incorrect strings. Unserialize is then run | |
* on the string to perform the final verification. | |
* | |
* Valid serialized forms are the following: | |
* <ul> | |
* <li>boolean: <code>b:1;</code></li> | |
* <li>integer: <code>i:1;</code></li> | |
* <li>double: <code>d:0.2;</code></li> | |
* <li>string: <code>s:4:"test";</code></li> | |
* <li>array: <code>a:3:{i:0;i:1;i:1;i:2;i:2;i:3;}</code></li> | |
* <li>object: <code>O:8:"stdClass":0:{}</code></li> | |
* <li>null: <code>N;</code></li> | |
* </ul> | |
* | |
* @author Chris Smith <[email protected]>, Frank Bültge <[email protected]> | |
* @copyright Copyright (c) 2009 Chris Smith (http://www.cs278.org/), 2011 Frank Bültge (http://bueltge.de) | |
* @license http://sam.zoy.org/wtfpl/ WTFPL | |
* @param string $value Value to test for serialized form | |
* @param mixed $result Result of unserialize() of the $value | |
* @return boolean True if $value is serialized data, otherwise FALSE | |
*/ | |
function is_serialized( $value, &$result = null ) { | |
// Bit of a give away this one | |
if ( ! is_string( $value ) ) { | |
return FALSE; | |
} | |
// Serialized FALSE, return TRUE. unserialize() returns FALSE on an | |
// invalid string or it could return FALSE if the string is serialized | |
// FALSE, eliminate that possibility. | |
if ( 'b:0;' === $value ) { | |
$result = FALSE; | |
return TRUE; | |
} | |
$length = strlen($value); | |
$end = ''; | |
if ( isset( $value[0] ) ) { | |
switch ($value[0]) { | |
case 's': | |
if ( '"' !== $value[$length - 2] ) | |
return FALSE; | |
case 'b': | |
case 'i': | |
case 'd': | |
// This looks odd but it is quicker than isset()ing | |
$end .= ';'; | |
case 'a': | |
case 'O': | |
$end .= '}'; | |
if ( ':' !== $value[1] ) | |
return FALSE; | |
switch ( $value[2] ) { | |
case 0: | |
case 1: | |
case 2: | |
case 3: | |
case 4: | |
case 5: | |
case 6: | |
case 7: | |
case 8: | |
case 9: | |
break; | |
default: | |
return FALSE; | |
} | |
case 'N': | |
$end .= ';'; | |
if ( $value[$length - 1] !== $end[0] ) | |
return FALSE; | |
break; | |
default: | |
return FALSE; | |
} | |
} | |
if ( ( $result = @unserialize($value) ) === FALSE ) { | |
$result = null; | |
return FALSE; | |
} | |
return TRUE; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment