rfc:not_serializable
Differences
This shows you the differences between two versions of the page.
rfc:not_serializable [2023/11/26 15:39] – created maxsem | rfc:not_serializable [2023/12/09 12:30] – maxsem | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== PHP RFC: # | ====== PHP RFC: # | ||
* Version: 1.0 | * Version: 1.0 | ||
- | * Date: 20123-11-26 | + | * Date: 2023-11-26 |
* Author: Max Semenik, maxsem.wiki@gmail.com | * Author: Max Semenik, maxsem.wiki@gmail.com | ||
- | * Status: | + | * Status: |
* First Published at: http:// | * First Published at: http:// | ||
===== Introduction ===== | ===== Introduction ===== | ||
- | The elevator pitch for the RFC. The first paragraph | + | Some classes aren't supposed to be serialized. Currently, while PHP internal classes have a nice way of preventing being serialized/ |
- | ===== Proposal ===== | + | Compare the internals simply slapping '' |
- | All the features and examples of the proposal. | + | |
- | To [[http:// | + | < |
- | for inclusion in one of the world's most popular programming languages. | + | class MyClass |
+ | { | ||
+ | public function __sleep() | ||
+ | { | ||
+ | throw new Exception('This class must not be serialized' | ||
+ | } | ||
+ | |||
+ | public function __wakeup() | ||
+ | { | ||
+ | throw new Exception(' | ||
+ | } | ||
+ | } | ||
+ | </ | ||
- | Remember | + | Not only is this method bulky, it's also less readable. It also lacks a way to indicate the intention to various code analysers so that they could detect attempts to serialize such classes. |
- | If applicable, you may wish to use the language specification as a reference. | + | ===== Analysis ===== |
+ | As of the time I'm writing this, there are 94 uses of '' | ||
+ | * Closures | ||
+ | * Various connections like '' | ||
+ | * Reflection | ||
- | ===== Backward Incompatible Changes ===== | + | What could userspace use this for? |
- | What breaks, and what is the justification | + | * Wrappers for all the above. Imagine a PDO wrapper that creates connections on demand. If the connection hasn't been established yet, its serialization will succeed, which results in unpredictable behavior. |
+ | * Secret information that shouldn' | ||
+ | * Security-sensitive classes that are unsafe to unserialize with arbitrary data ([[https:// | ||
- | ===== Proposed PHP Version(s) | + | ===== Proposal |
- | List the proposed PHP versions | + | Introduce a new attribute |
- | ===== RFC Impact ===== | + | <code php> |
- | ==== To SAPIs ==== | + | # |
- | Describe the impact to CLI, Development web server, embedded PHP etc. | + | class MyClass |
+ | { | ||
+ | } | ||
- | ==== To Existing Extensions ==== | + | serialize(new MyClass()); // Exception: Serialization of ' |
- | Will existing extensions be affected? | + | </ |
- | ==== To Opcache ==== | + | This change requires no changes |
- | It is necessary | + | |
- | Please explain how you have verified your RFC's compatibility with opcache. | + | ===== Backward Incompatible Changes ===== |
+ | The only breaking change is the addition of a new non-namespaced class. | ||
- | ==== New Constants | + | ===== Proposed |
- | Describe any new constants so they can be accurately and comprehensively explained in the PHP documentation. | + | 8.4. |
- | + | ||
- | ==== php.ini Defaults | + | |
- | If there are any php.ini settings then list: | + | |
- | * hardcoded default values | + | |
- | * php.ini-development values | + | |
- | * php.ini-production values | + | |
===== Open Issues ===== | ===== Open Issues ===== | ||
Make sure there are no open issues when the vote starts! | Make sure there are no open issues when the vote starts! | ||
- | |||
- | ===== Unaffected PHP Functionality ===== | ||
- | List existing areas/ | ||
- | |||
- | This helps avoid any ambiguity, shows that you have thought deeply about the RFC's impact, and helps reduces mail list noise. | ||
- | |||
- | ===== Future Scope ===== | ||
- | This section details areas where the feature might be improved in future, but that are not currently proposed in this RFC. | ||
===== Proposed Voting Choices ===== | ===== Proposed Voting Choices ===== | ||
- | Include these so readers know where you are heading and can discuss the proposed voting options. | + | Implement this RFC? (Yes/no, 2/3 approval required.) |
===== Patches and Tests ===== | ===== Patches and Tests ===== | ||
- | Links to any external patches and tests go here. | + | * Proposed PR: https:// |
- | + | ||
- | If there is no patch, make it clear who will create a patch, or whether a volunteer to help with implementation is needed. | + | |
- | + | ||
- | Make it clear if the patch is intended to be the final patch, or is just a prototype. | + | |
- | + | ||
- | For changes affecting the core language, you should also provide a patch for the language specification. | + | |
===== Implementation ===== | ===== Implementation ===== | ||
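Review bot: The new Proposal example only exercises serialize() (the line `serialize(new MyClass()); // Exception: Serialization of '`), while the added Analysis section motivates the attribute with classes that are "unsafe to unserialize with arbitrary data". Add an unserialize() case to the example showing what happens when a payload names a marked class, since that is the side an untrusted input reaches. The visible text also does not say whether the attribute applies to subclasses of a marked class; the PDO wrapper use case in Analysis depends on that, so state it explicitly. Separately, the unchanged Open Issues line still carries the template placeholder ("Make sure there are no open issues when the vote starts!"); replace it with the actual open issues or "None" before voting.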
Line 76: | Line 75: | ||
- a link to the language specification section (if any) | - a link to the language specification section (if any) | ||
- | ===== References ===== | ||
- | Links to external references, discussions or RFCs | ||
===== Rejected Features ===== | ===== Rejected Features ===== | ||
Keep this updated with features that were discussed on the mail lists. | Keep this updated with features that were discussed on the mail lists. |
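Review bot: Removing the References section (`- | ===== References =====`) leaves the RFC with no place to link the discussion thread, while the Rejected Features line kept as context still tells the author to track what was "discussed on the mail lists". Consider keeping the section and filling it with the discussion link instead of deleting it, and replace the remaining template text under Rejected Features with the actual content or "None".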
rfc/not_serializable.txt · Last modified: 2023/12/10 12:31 by maxsem