📜  请在第二个参数中指定允许反序列化的类 - 无论代码示例

📅  最后修改于: 2022-03-11 14:57:56.148000             🧑  作者: Mango

代码示例1
PHP supports a method known as 'serialize (Object)' that is used to serialize 
the object. In PHP 7, an additional security feature has been added by 
introducing filtering 'unserialize (arg1, arg2)' method. This feature seeks 
to provide better security when unserializing objects on untrusted data. It 
prevents possible code injections by enabling the developer to whitelist 
classes that can be unserialized.

$data = unserialize($serializeObj, ["allowed_classes" => true]);