略微加速

PHP官方手册 - 互联网笔记

PHP - Manual: wddx_deserialize

2024-11-12

wddx_deserialize

(PHP 4, PHP 5, PHP 7)

wddx_deserializeUnserializes a WDDX packet

警告

该函数已在 PHP 7.4.0 中 移除

说明

wddx_deserialize(string $packet): mixed

Unserializes a WDDX packet.

警告

Do not pass untrusted user input to wddx_deserialize(). Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this. Use a safe, standard data interchange format such as JSON (via json_decode() and json_encode()) if you need to pass serialized data to the user.

参数

packet

A WDDX packet, as a string or stream.

返回值

Returns the deserialized value which can be a string, a number or an array. Note that structures are deserialized into associative arrays.

add a noteadd a note

User Contributed Notes 11 notes

up
1
Magnus Deininger, dma05 at web dot de
13 years ago
When writing your wddx file manually with an UTF-8 aware editor and saving it in utf-8, if your data gets its special characters mysteriously scrambled, try to add an xml header that marks the output as iso-8859-1, like this one:

<?xml version="1.1" encoding="iso-8859-1" ?>

This makes the wddx decode function treat the input as iso-8859-1, so it will not try to treat it as utf-8 and do an implicit decode to iso-8859-1. You will then have read all string data in the wddx packet in their original utf-8 encoding, so that 'echo' and other output functions will produce the intended result if you have set the output encoding to utf-8.

(Bugs reports on this behaviour seem to be treated as bogus, so it would seem in order to point out this incorrect and highly confusing side-effect.)
up
1
dormilich at netscape dot net
13 years ago
When deserializing objects make sure you have the class definition loaded. wddx_deserialize() doesn't call the class itself, so you will receive a fatal error.
Nevertheless you can look for the class manually and delegate it to __autoload().

<?php
// $wddx_string needs to be valid XML to be loaded by SimpleXML.
// class_exists() will call the __autoload() function. if you don't 
// want to use __autoloload(), use require_once()

function loadClassesFromWDDX($wddx_string)
{
   
$xml = new SimpleXMLElement($wddx_string);

    foreach (
$xml->xpath('//var') as $var)
    {
        if (
$var['name'] == 'php_class_name')
        {
            if (!
class_exists($var->string))
            {
                throw new
Exception('Class '" . $var->string . "'not available.');
               
// trigger_error('Class '" . $var->string . "'not available.', E_USER_ERROR);
           
}
        }
    }
}
?>
up
1
php dot net at werner-ott dot de
16 years ago
On migrating wddx_deserialize() from PHP 4.x to PHP 5.1 (5.1.0RC6):

While

  $buffer = wddx_serialize_vars($some_array);
  $some_array = wddx_deserialize($buffer);

worked fine with PHP 4.x, the deserialization failed with PHP 5.1. In the above example $some_array will just be an empty string under 5.1

While wddx_serialize_vars() seems to behave identical in 4.x and 5.1, wddx_deserialize() does NOT.

Prepending XML encoding information to the buffer turned out to be at least a workaround. So, the following works with PHP 5.1:

  $buffer = wddx_serialize_vars($some_array);
  $buffer = '<?xml version="1.0"
          encoding="ISO-8859-1"?>'.
          $buffer;
  $some_array = wddx_deserialize($buffer);

NB: It may well be, that the behavioural difference between 4.x and 5.1 described above can only be observed if the array contains certain characters, i.e. german Umlaute (

官方地址:https://www.php.net/manual/en/function.wddx-deserialize.php