README

Remote code execution via PHP unserialize. Official documentation says

DO NOT pass untrusted user input to unserialize() regardless of the options value of allowed_classes. Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this

But JSON does not implement data as PHP does. I.e. JSON does not support [1=>2,3=>4,"a"=>5,"and"=>"so"].

Current status

General

Usage

At first

composer require nokitakaze/serializer

And then

require_once 'vendor/autoload.php';
$text = NokitaKaze\Serializer\Serializer::serialize($data);
$data = NokitaKaze\Serializer\Serializer::unserialize($text, $is_valid);