PHP 7 Filtered unserialize()

Filtered unserialize() was added in PHP 7 to improve security when unserializing objects from untrusted data. unserialize() takes a single serialized variable and returns a PHP value; the optional allowed_classes option controls which classes it is permitted to instantiate.

Syntax

unserialize ( string $str [, array $options ] )

<?php

   class MyBunny {
      public $obj1prop;
   }
   class MyTunny {
      public $obj2prop;
   }
   $obj1 = new MyBunny();
   $obj1->obj1prop = 10;
   $obj2 = new MyTunny();
   $obj2->obj2prop = 20;
   $serializedObj1 = serialize($obj1);
   $serializedObj2 = serialize($obj2);
   // allowed_classes => true accepts every class; if false is passed instead,
   // unserialize converts all objects into __PHP_Incomplete_Class objects
   $data = unserialize($serializedObj1, ["allowed_classes" => true]);

   // converts all objects into __PHP_Incomplete_Class objects except those of MyBunny and MyTunny
   $data2 = unserialize($serializedObj2, ["allowed_classes" => ["MyBunny", "MyTunny"]]);

   print($data->obj1prop);
   print("<br/>");
   print($data2->obj2prop);
?>
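
The following is an added example, not part of the original page: it wraps unserialize() with an allow-list and rejects the result if any object, including a nested one, came back as __PHP_Incomplete_Class. The class names UserPrefs and TempFile, the helpers has_incomplete() and safe_unserialize(), and the payload strings are constructed for illustration.

```php
<?php
// Added example: class names, helpers and payloads below are constructed for illustration.
class UserPrefs { public $theme = 'light'; }       // the only class the caller expects
class TempFile {                                   // stand-in for a class with a magic method
    public $path;
    public static $destructed = 0;
    public function __destruct() { self::$destructed++; }  // side effect to watch for
}

// True if a __PHP_Incomplete_Class is found; $budget bounds the walk so huge or cyclic input is rejected.
function has_incomplete($value, int &$budget): bool {
    if (--$budget < 0 || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_object($value)) { $value = (array) $value; }   // includes private/protected properties
    if (is_array($value)) {
        foreach ($value as $item) {
            if (has_incomplete($item, $budget)) { return true; }
        }
    }
    return false;
}

function safe_unserialize(string $input, array $allowed) {
    $value = @unserialize($input, ['allowed_classes' => $allowed]);
    if ($value === false && $input !== 'b:0;') {          // 'b:0;' is a legitimate serialized false
        throw new UnexpectedValueException('malformed input');
    }
    $budget = 5000;
    if (has_incomplete($value, $budget)) {
        throw new UnexpectedValueException('class outside allow-list');
    }
    return $value;
}

$payloads = [
    'expected' => 'O:9:"UserPrefs":1:{s:5:"theme";s:4:"dark";}',
    'other'    => 'O:8:"TempFile":1:{s:4:"path";s:16:"/tmp/example.tmp";}',
    'nested'   => 'a:1:{i:0;O:8:"TempFile":0:{}}',
];
foreach ($payloads as $label => $payload) {
    try {
        $obj = safe_unserialize($payload, ['UserPrefs']);
        echo $label, ': accepted ', get_class($obj), "\n";
    } catch (UnexpectedValueException $e) {
        echo $label, ': rejected (', $e->getMessage(), ")\n";
    }
}
echo 'TempFile::__destruct calls: ', TempFile::$destructed, "\n";
```

Because TempFile is not on the allow-list, no TempFile instance is ever created, so its __destruct() never runs for either rejected payload.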