nokitakaze/serializer

Safe serialization

pkg:composer/nokitakaze/serializer

v0.1.1 2018-02-14 16:40 UTC

This package is not auto-updated.

Last update: 2025-10-12 11:15:53 UTC


README

PHP's unserialize() can lead to remote code execution. The official documentation says:

"DO NOT pass untrusted user input to unserialize() regardless of the options value of allowed_classes. Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this."

But JSON does not represent data the way PHP does; for example, JSON does not support [1=>2,3=>4,"a"=>5,"and"=>"so"].
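The object instantiation and autoloading that the manual warns about can be observed directly. The following is an added example, not code from this package: the CacheFile, AutoloadLog and MissingGadget names and both payload strings are constructed for illustration.

```php
<?php
// Added illustration; nothing here is nokitakaze/serializer code.

// Collects every class name that unserialize() hands to the autoloader.
class AutoloadLog
{
    public static $requests = [];
}
spl_autoload_register(function (string $class): void {
    AutoloadLog::$requests[] = $class; // a real autoloader would include a file here
});

// Hypothetical application class with a magic method.
class CacheFile
{
    public $path = 'cache/app.bin';
    public static $wakeups = 0;

    // PHP calls __wakeup() on every instance that unserialize() creates.
    public function __wakeup(): void
    {
        self::$wakeups++; // stands in for any side effect keyed on $this->path
    }
}

// Run each payload through unserialize() and report what PHP did with it.
function probe(array $payloads, array $options): array
{
    AutoloadLog::$requests = [];
    $wakeupsBefore = CacheFile::$wakeups;
    $classes = [];
    foreach ($payloads as $payload) {
        $classes[] = get_class(unserialize($payload, $options));
    }
    return [
        'resulting classes'    => $classes,
        'autoloader asked for' => AutoloadLog::$requests,
        '__wakeup() calls'     => CacheFile::$wakeups - $wakeupsBefore,
    ];
}

// Constructed input in PHP's native serialize() format, as an untrusted client could send it.
$payloads = [
    'O:9:"CacheFile":1:{s:4:"path";s:15:"attacker-chosen";}', // existing class, chosen property
    'O:13:"MissingGadget":0:{}',                              // class name that is not loaded
];

print_r(probe($payloads, []));                           // default: class names in the input are honoured
print_r(probe($payloads, ['allowed_classes' => false])); // objects become __PHP_Incomplete_Class
```

Comparing the two reports shows what the allowed_classes option changes; the manual text quoted above still says not to pass untrusted input to unserialize() at all.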

Usage

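First, install the package:

composer require nokitakaze/serializer

Then load the autoloader and call the serializer:

<?php
require_once 'vendor/autoload.php';
// Sample value: the mixed-key array from the text above
$data = [1 => 2, 3 => 4, "a" => 5, "and" => "so"];
$text = NokitaKaze\Serializer\Serializer::serialize($data);
$data = NokitaKaze\Serializer\Serializer::unserialize($text, $is_valid);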