Download the PHP package brumann/polyfill-unserialize without Composer
On this page you can find all versions of the php package brumann/polyfill-unserialize. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download brumann/polyfill-unserialize
More information about brumann/polyfill-unserialize
Files in brumann/polyfill-unserialize
Package polyfill-unserialize
Short Description Backports unserialize options introduced in PHP 7.0 to older PHP versions.
License MIT
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package polyfill-unserialize
Polyfill unserialize 
Backports unserialize options introduced in PHP 7.0 to older PHP versions. This was originally designed as a Proof of Concept for Symfony Issue #21090.
You can use this package in projects that rely on PHP versions older than
PHP 7.0. In case you are using PHP 7.0+ the original unserialize() will be
used instead.
From the documentation:
Warning
Do not pass untrusted user input to unserialize() regardless of the options value of allowed_classes. Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this. Use a safe, standard data interchange format such as JSON (via json_decode() and json_encode()) if you need to pass serialized data to the user.
Requirements
- PHP 5.3+
Installation
You can install this package via composer:
Older versions
You can find the most recent 1.x versions in the branch with the same name:
Upgrading
Upgrading from 1.x to 2.0 should be seamless and require no changes to code using the library. There are no changes to the public API, i.e. the names for classes, methods and arguments as well as argument order and types remain the same. Version 2.x uses a completely different approach for substituting disallowed classes, which is why we chose to use a new major release to prevent issues from unknown side effects in existing installations.
Known Issues
There is a mismatch in behavior when allowed_classes in $options is not
of the correct type (array or boolean). PHP 7.0 will not issue a warning that
an invalid type was provided. This library will trigger a warning, similar to
the one PHP 7.1+ will raise and then continue, assuming false to make sure
no classes are deserialized by accident.
Tests
You can run the test suite using PHPUnit. It is intentionally not bundled as dev dependency to make sure this package has the lowest restrictions on the implementing system as possible.
Please read the PHPUnit Manual for information how to install it on your system.
Please make sure to pick a compatible version. If you use PHP 5.6 you should use PHPUnit 5.7.27 and for older PHP versions you should use PHPUnit 4.8.36. Older versions of PHPUnit might not support namespaces, meaning they will not work with the tests. Newer versions only support PHP 7.0+, where this library is not needed anymore.
You can run the test suite as follows:
Contributing
This package is considered feature complete. As such I will likely not update it unless there are security issues.
Should you find any bugs or have questions, feel free to submit an Issue or a Pull Request on GitHub.
Development setup
This library contains a docker setup for development purposes. This allows running the code on an older PHP version without having to install it locally.
You can use the setup as follows:
-
Go into the project directory
-
Build the docker image
This will download a debian/jessie container with PHP 5.6 installed. Then it will download an appropriate version of phpunit for this PHP version. It will also download composer. It will set the working directory to
/opt/app. The resulting image is tagged aspolyfill-unserialize, which is the name we will refer to, when running the container. -
You can then run a container based on the image, which will run your tests
This will run a docker container based on our previously built image. The container will automatically be removed after phpunit finishes. We name the image
polyfill-unserialize-dev. This makes sure only one instance is running and that we can easily identify a running container by its name, e.g. in order to remove it manually. We mount our current directory into the container's working directory. This ensures that tests run on our current project's state.
You can repeat the final step as often as you like in order to run the tests. The output should look something like this:
When you are done working on the project you can free up disk space by removing the initially built image:
