PHP :: Bug #71840 :: Unserialize accepts wrongly data
[2016-03-17 04:27 UTC] laruence@php.net
Description: ------------ This is part of the bug #71824 which is spotted by nikic " var_dump(unserialize('a:1:{s:0:""0a:0:{}}')); ^-- wrong does not fail. That 0 should be a semicolon. We should not be accepting this string. " Test script: --------------- var_dump(unserialize('a:1:{s:0:""0a:0:{}}')); Expected result: ---------------- not accepted Actual result: -------------- accepted