Hashing a PHP serialized object vs. hashing a string of the serialized object

Question (votes: 1, answers: 1)

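I have this PHP code. I serialize a class Foo, and I get the output 'O:3:"Foo":2:{s:6:"Fooa";b:1;s:6:"Foob";s:9:"rogthedog";}'. When I hash this serialized output, it is different from the hash of the string itself. Shouldn't the serialized output be a string equal to 'O:3:"Foo":2:{s:6:"Fooa";b:1;s:6:"Foob";s:9:"rogthedog";}'?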

<?php
/* Write your PHP code here */
class Foo {
    private $a = TRUE;
    private $b = 'rogthedog';
}


$c = new Foo;
echo(serialize($c));
# This returns 'O:3:"Foo":2:{s:6:"Fooa";b:1;s:6:"Foob";s:9:"rogthedog";}'

echo(hash('sha256', serialize($c)));
# Not the same as!
echo (hash('sha256', 'O:3:"Foo":2:{s:6:"Fooa";b:1;s:6:"Foob";s:9:"rogthedog";}'));

Tags: php serialization hash

1 answer (2 votes)

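In theory that is correct if only visible characters are used, but PHP also adds non-printable characters. I have prepared an example for you, starting from your code, that shows the presence of the invisible characters. Then I rebuilt the string with those characters and the hashes match.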

<?php
class Foo {
    private $a = TRUE;
    private $b = 'rogthedog';
}


$c = new Foo;
echo(serialize($c));

# this shows all the characters
echo("\n\n");
$test = str_split(serialize($c));
foreach ($test as $char) {
 echo $char."->".ord($char)." || ";
}

echo(hash('sha256', serialize($c)));
echo("\n\n");


$test2='O:3:"Foo":2:{s:6:"'.chr(0).'Foo'.chr(0).'a";b:1;s:6:"'.chr(0).'Foo'.chr(0).'b";s:9:"rogthedog";}';

echo (hash('sha256', $test2)); // YES !!!
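
The answer's point, extended to all three property visibilities, as an added example that is not part of the original question or answer: it makes the NUL bytes visible, shows that a copy with the NULs stripped neither hashes nor unserializes like the original, and that an encoded copy round-trips byte for byte. The `visible()` helper, the extra `protected`/`public` properties and the simulated `$pasted` string are assumptions constructed for illustration.

```php
<?php
// Added example; class layout and sample values are constructed for illustration.
class Foo {
    private   $a = true;         // name is serialized as "\0Foo\0a" (class-name prefix)
    protected $b = 'rogthedog';  // name is serialized as "\0*\0b"   (asterisk prefix)
    public    $c = 1;            // name is serialized as "c"        (no prefix)
}

// Render a binary string with every non-printable byte shown as a \xNN escape.
function visible(string $raw): string {
    return preg_replace_callback(
        '/[^\x20-\x7E]/',
        function (array $m): string {
            return sprintf('\\x%02X', ord($m[0]));
        },
        $raw
    );
}

$raw = serialize(new Foo);

// Simulate copying the output from a terminal or browser: NUL bytes are lost.
$pasted = str_replace("\0", '', $raw);

echo visible($raw), "\n";
echo 'raw bytes: ', strlen($raw), ', pasted bytes: ', strlen($pasted), "\n";

// Compare digests of the real bytes and of the pasted copy.
echo 'hash(raw) == hash(pasted): ';
var_dump(hash_equals(hash('sha256', $raw), hash('sha256', $pasted)));

// The s:N prefixes count bytes including the NULs, so the pasted copy no longer
// matches its own length fields. allowed_classes=false avoids instantiating objects.
echo 'unserialize(pasted): ';
var_dump(@unserialize($pasted, ['allowed_classes' => false]));

// To carry serialized bytes through a text channel, encode them first.
$wire = base64_encode($raw);
echo 'hash(raw) == hash(base64 round trip): ';
var_dump(hash_equals(hash('sha256', $raw), hash('sha256', base64_decode($wire, true))));
```

Any digest or HMAC over serialized data has to be computed on the raw bytes returned by `serialize()`, never on text that was displayed and re-typed or pasted.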