Download the PHP package brumann/polyfill-unserialize without Composer

On this page you can find all versions of the php package brumann/polyfill-unserialize. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package polyfill-unserialize

Polyfill unserialize Build Status

Backports unserialize options introduced in PHP 7.0 to older PHP versions. This was originally designed as a Proof of Concept for Symfony Issue #21090.

You can use this package in projects that rely on PHP versions older than PHP 7.0. In case you are using PHP 7.0+ the original unserialize() will be used instead.

From the documentation:

Warning

Do not pass untrusted user input to unserialize() regardless of the options value of allowed_classes. Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this. Use a safe, standard data interchange format such as JSON (via json_decode() and json_encode()) if you need to pass serialized data to the user.

Requirements

Installation

You can install this package via composer:

Older versions

You can find the most recent 1.x versions in the branch with the same name:

Upgrading

Upgrading from 1.x to 2.0 should be seamless and require no changes to code using the library. There are no changes to the public API, i.e. the names for classes, methods and arguments as well as argument order and types remain the same. Version 2.x uses a completely different approach for substituting disallowed classes, which is why we chose to use a new major release to prevent issues from unknown side effects in existing installations.

Known Issues

There is a mismatch in behavior when allowed_classes in $options is not of the correct type (array or boolean). PHP 7.0 will not issue a warning that an invalid type was provided. This library will trigger a warning, similar to the one PHP 7.1+ will raise and then continue, assuming false to make sure no classes are deserialized by accident.

Tests

You can run the test suite using PHPUnit. It is intentionally not bundled as dev dependency to make sure this package has the lowest restrictions on the implementing system as possible.

Please read the PHPUnit Manual for information how to install it on your system.

Please make sure to pick a compatible version. If you use PHP 5.6 you should use PHPUnit 5.7.27 and for older PHP versions you should use PHPUnit 4.8.36. Older versions of PHPUnit might not support namespaces, meaning they will not work with the tests. Newer versions only support PHP 7.0+, where this library is not needed anymore.

You can run the test suite as follows:

Contributing

This package is considered feature complete. As such I will likely not update it unless there are security issues.

Should you find any bugs or have questions, feel free to submit an Issue or a Pull Request on GitHub.

Development setup

This library contains a docker setup for development purposes. This allows running the code on an older PHP version without having to install it locally.

You can use the setup as follows:

  1. Go into the project directory

  2. Build the docker image

    This will download a debian/jessie container with PHP 5.6 installed. Then it will download an appropriate version of phpunit for this PHP version. It will also download composer. It will set the working directory to /opt/app. The resulting image is tagged as polyfill-unserialize, which is the name we will refer to, when running the container.

  3. You can then run a container based on the image, which will run your tests

    This will run a docker container based on our previously built image. The container will automatically be removed after phpunit finishes. We name the image polyfill-unserialize-dev. This makes sure only one instance is running and that we can easily identify a running container by its name, e.g. in order to remove it manually. We mount our current directory into the container's working directory. This ensures that tests run on our current project's state.

You can repeat the final step as often as you like in order to run the tests. The output should look something like this:

When you are done working on the project you can free up disk space by removing the initially built image:


All versions of polyfill-unserialize with dependencies

PHP Build Version
Package Version
Requires php Version ^5.3|^7.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package brumann/polyfill-unserialize contains the following files

Loading the files please wait ....