README
¶
go-phpserialize
PHP serialize() and unserialize() for Go.
Support All go type including map, slice, struct, array, and simple type like int, uint ...etc.
Encoding and decoding some type from standard library like time.Time, net.IP are not supported.
If you have any thought about how to support these types, please create an issue.
Or you can wrap these types and implement phpserialize.Marshaler or phpserialize.Unmarshaler
Supported and tested go version
- 1.20
- 1.21
- 1.22
- 1.23
- 1.24
Install
go get github.com/trim21/go-phpserialize
Usage
See examples
Marshal
Struct and map will be encoded to php array only.
Unmarshal
Decoding from php serialized array, class or object are all supported.
go any type will be decoded as map[any]any or map[string]any, based on raw input is array or class,
keys of map[any]any maybe int64 or string.
Note
go reflect package allow you to create dynamic struct with reflect.StructOf,
but please use it with caution.
For performance, this package will try to "compile" input type to a static encoder/decoder at first time and cache it for future use.
So a dynamic struct may cause memory leak.
Changelog
v0.1.0
Add new Marshaler to match json.Marshaler.
Go 1.23 has decided to lock down future uses of //go:linkname,
So we did a major refactoring in v0.1.0.
For simplicity, support for embed struct has been removed,
if you need this feature, send a Pull Request.
Security
TL;DR: Don't unmarshal content you can't trust.
Attackers may consume large memory with very few bytes.
php serialized array has a length prefix a:1:{i:0;s:3:"one";}, when decoding php serialized array into go slice or
go map,
go-phpserialize may call golang's make() to create a map or slice with given length.
So a malicious input like a:100000000:{} may become make([]T, 100000000) and consume high memory.
If you have to decode some un-trusted bytes, make sure only decode them into fixed-length golang array or struct,
never decode them to interface, slice or map.
benchmark
License
MIT License
Heavily inspired by https://github.com/goccy/go-json
Documentation
¶
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Marshal ¶
Example ¶
type User struct {
ID uint32 `php:"id,string"`
Name string `php:"name"`
}
type Inner struct {
V int `php:"v"`
S string `php:"a long string name replace field name"`
}
type With struct {
Users []User `php:"users,omitempty"`
Obj Inner `php:"obj"`
Ignored bool `php:"-"`
}
var data = With{
Users: []User{
{ID: 1, Name: "sai"},
{ID: 2, Name: "trim21"},
},
Obj: Inner{V: 2, S: "vvv"},
}
var b, err = phpserialize.Marshal(data)
if err != nil {
panic(err)
}
fmt.Println(string(b))
Output: a:2:{s:5:"users";a:2:{i:0;a:2:{s:2:"id";s:1:"1";s:4:"name";s:3:"sai";}i:1;a:2:{s:2:"id";s:1:"2";s:4:"name";s:6:"trim21";}}s:3:"obj";a:2:{s:1:"v";i:2;s:37:"a long string name replace field name";s:3:"vvv";}}
func Unmarshal ¶
Example ¶
var v struct {
Value map[string]string `php:"value" json:"value"`
}
raw := `a:1:{s:5:"value";a:5:{s:3:"one";s:1:"1";s:3:"two";s:1:"2";s:5:"three";s:1:"3";s:4:"four";s:1:"4";s:4:"five";s:1:"5";}}`
err := phpserialize.Unmarshal([]byte(raw), &v)
if err != nil {
panic(err)
}
fmt.Println(v.Value["five"])
Output: 5
Types ¶
type Marshaler ¶ added in v0.1.0
Marshaler allow users to implement its own encoder. **it's return value will not be validated**, please make sure you return valid encoded bytes.
Source Files
Directories