Maximum depth of %d exceeded. The depth limit can be changed using the max_depth unserialize() option¶

Description¶

PHP 7.4 introduced an option with the unserialize() function. It is called max_depth and it limits the number of nesting levels that unserialize allows, when producing the PHP structures. This saves memory and processing power.

Example¶

<?php

// 4 levels of nesting
$a = [[[[]]]];

$string = serialize($a);

print_r(unserialize($string, ['max_depth' => 2]));

?>

Literal Examples¶

Maximum depth of 2 exceeded. The depth limit can be changed using the max_depth unserialize() option

Solutions¶

Remove the option from the call to unserialize().
Check the string and count the level of nesting, before calling unserialize().