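I have this PHP code. I serialize a class Foo and get the output 'O:3:"Foo":2:{s:6:"Fooa";b:1;s:6:"Foob";s:9:"rogthedog";}'. When I hash this serialized output, the result differs from the hash of the string itself. Shouldn't the serialized output be a string equal to 'O:3:"Foo":2:{s:6:"Fooa";b:1;s:6:"Foob";s:9:"rogthedog";}'?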
<?php
/* Write your PHP code here */
class Foo {
    private $a = TRUE;
    private $b = 'rogthedog';
}
$c = new Foo;
echo(serialize($c));
# This returns 'O:3:"Foo":2:{s:6:"Fooa";b:1;s:6:"Foob";s:9:"rogthedog";}'
echo(hash('sha256', serialize($c)));
# Not the same as!
echo (hash('sha256', 'O:3:"Foo":2:{s:6:"Fooa";b:1;s:6:"Foob";s:9:"rogthedog";}'));
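In theory that would be correct if only visible characters were used, but PHP also adds non-printable characters. I have prepared an example for you, starting from your code, that shows the presence of the invisible characters. Then I rebuilt the string with those characters, and the hashes match.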
<?php
class Foo {
    private $a = TRUE;
    private $b = 'rogthedog';
}
$c = new Foo;
echo(serialize($c));
# this shows all the characters
echo("\n\n");
$test = str_split(serialize($c));
foreach ($test as $char) {
    echo $char."->".ord($char)." || ";
}
echo(hash('sha256', serialize($c)));
echo("\n\n");
$test2='O:3:"Foo":2:{s:6:"'.chr(0).'Foo'.chr(0).'a";b:1;s:6:"'.chr(0).'Foo'.chr(0).'b";s:9:"rogthedog";}';
echo (hash('sha256', $test2)); // YES !!!
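
The name mangling the answer uncovered, as an added example that is not part of the original answer: PHP serializes a private property under NUL + class name + NUL + property name and a protected one under NUL + `*` + NUL + property name, which is why `s:6` covers "Fooa". The extra `$p` and `$q` properties, the `visible()` helper and the base64 step are assumptions added for illustration.

```php
<?php
// Added example. $p, $q and visible() are illustrative names, not from the page.
class Foo {
    public    $p = 1;            // serialized under the name "p"
    protected $q = 2;            // serialized under the name "\0*\0q"
    private   $a = true;         // serialized under the name "\0Foo\0a"
    private   $b = 'rogthedog';  // serialized under the name "\0Foo\0b"
}

// Show every byte outside printable ASCII as \xNN so a payload can be logged
// or compared by eye without losing the NUL bytes.
function visible(string $raw): string {
    return preg_replace_callback(
        '/[^\x20-\x7e]/',
        function (array $m): string { return sprintf('\x%02x', ord($m[0])); },
        $raw
    );
}

$raw = serialize(new Foo);
echo visible($raw), "\n";

// What a terminal or browser copy usually yields: the same text minus the NULs.
$copied = str_replace("\0", '', $raw);
printf("length raw=%d copied=%d\n", strlen($raw), strlen($copied));
printf("sha256 equal after copy: %s\n",
    var_export(hash_equals(hash('sha256', $raw), hash('sha256', $copied)), true));

// The s:N length prefixes still count the NULs, so the copied text stops parsing.
$parsed = @unserialize($copied, ['allowed_classes' => ['Foo']]);
printf("copied text unserializes: %s\n", var_export($parsed !== false, true));

// Moving the bytes through a text channel: encode first, hash the decoded bytes.
$wire = base64_encode($raw);
$back = base64_decode($wire, true);
printf("sha256 equal after base64 round trip: %s\n",
    var_export(hash_equals(hash('sha256', $raw), hash('sha256', $back)), true));
```

Any digest or signature over serialized data has to be computed over the raw bytes, not over text taken from `echo` output.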