PHP 7 – Filtered unserialize()

PHP 7 adds an options argument to unserialize() so that serialized data from an untrusted source can be handled more safely. The allowed_classes option lets the developer whitelist the classes that may be instantiated; objects of any other class are turned into __PHP_Incomplete_Class objects, so their __wakeup() and __destruct() methods never run and the classic "object injection" route to code execution is closed for them. Note the limits: whitelisted classes still have their magic methods invoked on attacker-supplied property values, and the PHP manual continues to advise against passing untrusted input to unserialize() at all (json_decode() is the safer exchange format).

Example:

<?php

class MyClass1 {
    public $obj1prop;
}

class MyClass2 {
    public $obj2prop;
}

$obj1 = new MyClass1();
$obj1->obj1prop = 11;
$obj2 = new MyClass2();
$obj2->obj2prop = 12;

$serializedObj1 = serialize($obj1);
$serializedObj2 = serialize($obj2);

// Default behaviour that accepts all classes; the second argument can be omitted.
// If allowed_classes is passed as false, unserialize() converts every object
// into a __PHP_Incomplete_Class object.
$data = unserialize($serializedObj1, ["allowed_classes" => true]);

// Converts all objects into __PHP_Incomplete_Class objects except those of
// MyClass1 and MyClass2.
$data2 = unserialize($serializedObj2, ["allowed_classes" => ["MyClass1", "MyClass2"]]);

print($data->obj1prop);
print("<br/>");
print($data2->obj2prop);

?>

The result is:

11
12
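The following is an added example, not code from the original page, that shows what the whitelist actually prevents. FileCleaner, unserializeStrict() and the serialized payload are constructed for this illustration; FileCleaner stands in for any application or library class with a sensitive __destruct() or __wakeup() that an attacker can reach simply by naming it in serialized input.

```php
<?php
// Added example (not from the original page): why the allowed_classes
// option matters. FileCleaner is a hypothetical class standing in for any
// application or library class with a sensitive magic method.
class FileCleaner {
    public $path;
    public function __destruct() {
        // Runs automatically when the object is destroyed, which happens
        // right after unserialize() hands it back and it goes out of scope.
        // A real class might unlink() the file here.
        echo "__destruct() would remove {$this->path}\n";
    }
}

// Constructed attacker-controlled input: a serialized FileCleaner whose
// path points at a file the attacker wants deleted. The attacker only
// needs the class to exist (or be autoloadable) in the application, not
// to be the class the application expects to receive.
$untrusted = 'O:11:"FileCleaner":1:{s:4:"path";s:11:"/etc/passwd";}';

// 1. Unfiltered (PHP 5 behaviour): a real FileCleaner is instantiated and
//    its __destruct() runs with the attacker's property value.
$obj = unserialize($untrusted);
var_dump(get_class($obj));      // the object really is a FileCleaner
unset($obj);                    // FileCleaner::__destruct() fires here

// 2. allowed_classes => false: no class is instantiated; the data is kept
//    in a __PHP_Incomplete_Class object whose properties are preserved but
//    which carries none of FileCleaner's methods.
$safe = unserialize($untrusted, ['allowed_classes' => false]);
var_dump(get_class($safe));     // __PHP_Incomplete_Class
unset($safe);                   // no FileCleaner::__destruct() exists to fire

// 3. A whitelist that does not name FileCleaner behaves the same way, and
//    the caller can detect the substitution and reject the payload.
function unserializeStrict(string $payload, array $allowed)
{
    $value = unserialize($payload, ['allowed_classes' => $allowed]);
    if ($value instanceof __PHP_Incomplete_Class) {
        throw new UnexpectedValueException('payload contained a class outside the whitelist');
    }
    return $value;
}

try {
    unserializeStrict($untrusted, ['MyClass1', 'MyClass2']);
} catch (UnexpectedValueException $e) {
    echo "rejected: " . $e->getMessage() . "\n";
}
```

Run it with PHP 7.0 or later. In the unfiltered call the "__destruct() would remove /etc/passwd" line appears as soon as $obj is unset; in the two filtered calls no FileCleaner method is ever executed because no FileCleaner is created. Two caveats: the instanceof check only inspects the top-level value, so a payload that nests an unwanted object inside an array or a whitelisted object needs a recursive walk; and classes on the whitelist still have their magic methods invoked on attacker-chosen property values, so whitelist only classes you have reviewed for that.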

PHP 7 – IntlChar

The IntlChar class, provided by the intl extension, defines a number of static methods and constants for working with Unicode characters (code points).

Example

<?php

printf("%x\n", IntlChar::CODEPOINT_MAX);   // highest valid Unicode code point
print(IntlChar::charName('@') . "\n");      // Unicode name of a character
var_dump(IntlChar::ispunct('!'));           // print() would render a bool as "1"; var_dump() shows the type

?>

The result is:

10ffff

COMMERCIAL AT

bool(true)
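As an added example (not from the original page), here is a check a practitioner might build on IntlChar: flagging code points that are invisible or reorder text when displayed, which lets a filename or login name look different from what is stored and compared. The function name, the reason labels and the three sample strings are constructed for this example; the IntlChar calls (ord(), hasBinaryProperty(), charType(), charName()) and the PROPERTY_* and CHAR_CATEGORY_* constants are the real intl extension API.

```php
<?php
// Added example (not from the original page): using IntlChar to flag code
// points that are invisible or change text direction when rendered, so a
// filename or user name can look different from what is stored.

function suspiciousCodePoints(string $utf8): array
{
    // Split into code points; with the u modifier preg_split() returns
    // false for malformed UTF-8, which is itself a reason to reject.
    $chars = preg_split('//u', $utf8, -1, PREG_SPLIT_NO_EMPTY);
    if ($chars === false) {
        return ['malformed UTF-8'];
    }

    $found = [];
    foreach ($chars as $index => $ch) {
        $cp = IntlChar::ord($ch);
        $reason = null;
        if (IntlChar::hasBinaryProperty($cp, IntlChar::PROPERTY_BIDI_CONTROL)) {
            $reason = 'bidi control';        // U+202E RIGHT-TO-LEFT OVERRIDE and friends
        } elseif (IntlChar::hasBinaryProperty($cp, IntlChar::PROPERTY_DEFAULT_IGNORABLE_CODE_POINT)) {
            $reason = 'default ignorable';   // U+200B ZERO WIDTH SPACE, U+FEFF, ...
        } elseif (IntlChar::charType($cp) === IntlChar::CHAR_CATEGORY_CONTROL_CHAR) {
            $reason = 'C0/C1 control';
        }
        if ($reason !== null) {
            $found[] = sprintf('code point %d: U+%04X %s (%s)',
                $index, $cp, IntlChar::charName($cp) ?: '<no name>', $reason);
        }
    }
    return $found;
}

// Constructed inputs.
$samples = [
    'invoice.pdf',
    // RIGHT-TO-LEFT OVERRIDE makes "fdp.exe" render as "exe.pdf", so the
    // whole name displays as "invoiceexe.pdf" while the file is an .exe.
    "invoice\u{202E}fdp.exe",
    // ZERO WIDTH SPACE: looks identical to "admin" but is a different string.
    "admin\u{200B}",
];

foreach ($samples as $s) {
    $problems = suspiciousCodePoints($s);
    printf("%-26s %s\n", json_encode($s), $problems ? implode('; ', $problems) : 'ok');
}
```

Requires ext/intl (and PCRE built with UTF-8 support for the u modifier). The first sample is reported clean; the second is flagged at code point 7 as U+202E RIGHT-TO-LEFT OVERRIDE, the third at code point 5 as U+200B ZERO WIDTH SPACE. For a login-name policy an allow-list (for example IntlChar::isalnum() plus a short punctuation set) is usually simpler and stricter than a deny-list like this one; the deny-list is what you want where arbitrary text must be accepted but rendered honestly.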

 

PHP 7 – CSPRNG

PHP 7 adds two CSPRNG (cryptographically secure pseudo-random number generator) functions:

  • random_bytes() − Generates an arbitrary-length string of cryptographically secure random bytes.
  • random_int() − Generates cryptographically secure pseudo-random integers.

1. random_bytes()

Syntax

string random_bytes ( int $length )

length − The number of random bytes the returned string should contain.

This function returns a string containing the requested number of cryptographically secure random bytes, drawn from the operating system's CSPRNG. It throws an Exception if no source of secure randomness is available and an Error if length is less than 1; in neither case does it fall back to a weaker generator.

Example

<?php

$bytes = random_bytes(5);

print(bin2hex($bytes));

?>

The result (a different value on every run) is, for example:

54cc305593

2. random_int()

Syntax

int random_int ( int $min , int $max )

  • min − The lowest value to be returned (PHP_INT_MIN or higher).
  • max − The highest value to be returned (PHP_INT_MAX or lower).

This function returns a cryptographically secure random integer in the range min to max, inclusive, with no modulo bias. It throws an Error if max is less than min and an Exception if no source of secure randomness is available. Use it wherever an unpredictable integer is needed (choosing characters of a token, a one-time code, a shuffle); rand() and mt_rand() are not suitable for that.

Example

<?php

print(random_int(100, 999));
print("\n");
print(random_int(-1000, 0));

?>

The result (different values on every run) is, for example:

614
-882
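As an added example (not part of the original page) covering both random_bytes() and random_int(), the block below builds the kind of values a web application needs from these functions, a session or password-reset token and a numeric one-time code, and contrasts them with a token built from mt_rand() and uniqid(). All function names are constructed for this illustration; random_bytes(), random_int(), hash_equals() and the exception behaviour are PHP's own.

```php
<?php
// Added example (not from the original page): generating and checking
// security tokens with random_bytes() and random_int(), next to a pattern
// that looks similar but is predictable. Function names are constructed.

// Weak: uniqid() is derived from the clock and mt_rand() is a Mersenne
// Twister seeded with a 32-bit value; neither is a CSPRNG, and the PHP
// manual says so. Tokens built this way can be guessed.
function weakToken(): string
{
    return md5(uniqid((string) mt_rand(), true));
}

// Strong: 32 bytes from the OS CSPRNG, hex-encoded to 64 characters.
// random_bytes() throws an Exception when no secure source is available;
// let it propagate rather than falling back to something weaker.
function secureToken(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

// Random string over an alphabet, e.g. a one-time code. random_int() is
// unbiased over the requested range, which "mt_rand() % $n" is not.
function secureCode(int $length, string $alphabet = '0123456789'): string
{
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

// Store only a hash of the token, so a leaked table does not hand out live
// tokens, and compare with hash_equals(), which takes the same time whether
// the first or the last character differs.
function storeToken(string $token): string
{
    return hash('sha256', $token);
}

function tokenMatches(string $storedHash, string $presented): bool
{
    return hash_equals($storedHash, hash('sha256', $presented));
}

$token  = secureToken();
$record = storeToken($token);
print("weak:   " . weakToken() . "\n");
print("strong: " . $token . "\n");
var_dump(strlen($token) === 64);
var_dump(tokenMatches($record, $token));
var_dump(tokenMatches($record, secureToken()));
print("code:   " . secureCode(6) . "\n");

// random_int() rejects an inverted range instead of silently swapping the
// bounds; catch it at the request boundary and fail the operation.
try {
    random_int(10, 1);
} catch (Error $e) {
    print("random_int: " . $e->getMessage() . "\n");
}
```

The token is never stored in clear: storeToken() keeps a SHA-256 digest and tokenMatches() compares digests with hash_equals(), so neither a database leak nor response timing yields a usable value. The last block shows the failure mode: random_int(10, 1) throws an Error rather than guessing which bound you meant, and both functions throw an Exception (Random\RandomException on PHP 8.2+, which still extends Exception) when the operating system cannot supply secure bytes; handle these by failing the operation, never by substituting rand() or mt_rand().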