rfc:not_serializable
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
rfc:not_serializable [2023/11/26 15:39] – created maxsem | rfc:not_serializable [2023/12/10 12:31] (current) – maxsem | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== PHP RFC: # | ====== PHP RFC: # | ||
* Version: 1.0 | * Version: 1.0 | ||
- | * Date: 20123-11-26 | + | * Date: 2023-11-26 |
* Author: Max Semenik, maxsem.wiki@gmail.com | * Author: Max Semenik, maxsem.wiki@gmail.com | ||
- | * Status: | + | * Status: |
* First Published at: http:// | * First Published at: http:// | ||
===== Introduction ===== | ===== Introduction ===== | ||
- | The elevator pitch for the RFC. The first paragraph | + | Some classes aren't supposed to be serialized. Currently, while PHP internal classes have a nice way of preventing being serialized/ |
+ | |||
+ | Compare the internals simply slapping '' | ||
+ | |||
+ | <code php> | ||
+ | class MyClass | ||
+ | { | ||
+ | public function __sleep() // Wait, what its signature is supposed | ||
+ | { | ||
+ | throw new Exception(' | ||
+ | } | ||
+ | |||
+ | public function __wakeup() | ||
+ | { | ||
+ | throw new Exception(' | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | Not only is this method bulky, it's also less readable. It also lacks a way to indicate the intention to various code analysers so that they could detect attempts to serialize such classes. | ||
+ | |||
+ | ===== Analysis ===== | ||
+ | As of the time I'm writing this, there are 94 uses of '' | ||
+ | * Closures | ||
+ | * Various connections like '' | ||
+ | * Reflection | ||
+ | |||
+ | What could userspace use this for? | ||
+ | * Wrappers for all the above. Imagine a PDO wrapper that creates connections on demand. If the connection hasn't been established yet, its serialization will succeed, which results in unpredictable behavior. | ||
+ | * Secret information that shouldn' | ||
+ | * Security-sensitive classes that are unsafe to unserialize with arbitrary data ([[https:// | ||
===== Proposal ===== | ===== Proposal ===== | ||
- | All the features and examples of the proposal. | + | Introduce a new attribute that would expose this functionality to userspace. |
- | To [[http:// | + | < |
- | for inclusion in one of the world' | + | # |
+ | class MyClass | ||
+ | { | ||
+ | } | ||
- | Remember that the RFC contents should be easily reusable in the PHP Documentation. | + | serialize(new MyClass()); // Exception: Serialization of ' |
+ | </ | ||
- | If applicable, you may wish to use the language specification as a reference. | + | The non-serializable flag is inherited by descendants: |
- | ===== Backward Incompatible Changes ===== | + | <code php> |
- | What breaks, and what is the justification for it? | + | class MyOtherClass extends MyClass |
+ | { | ||
+ | } | ||
- | ===== Proposed PHP Version(s) ===== | + | serialize(new MyOtherClass()); // Exception: Serialization of ' |
- | List the proposed PHP versions that the feature will be included in. Use relative versions such as "next PHP 8.x" or "next PHP 8.x.y" | + | </ |
- | ===== RFC Impact ===== | + | The above requires no changes |
- | ==== To SAPIs ==== | + | |
- | Describe the impact | + | |
- | ==== To Existing Extensions ==== | + | This feature will be exposed to reflection by the following additions to ReflectionClass: |
- | Will existing extensions | + | |
- | ==== To Opcache ==== | + | <code php> |
- | It is necessary to develop RFC's with opcache in mind, since opcache is a core extension distributed with PHP. | + | public const int IS_NOT_SERIALIZABLE |
- | Please explain how you have verified your RFC's compatibility with opcache. | + | public function isSerializable(): |
+ | </ | ||
- | ==== New Constants | + | ===== Backward Incompatible Changes ===== |
- | Describe any new constants so they can be accurately and comprehensively explained in the PHP documentation. | + | The only breaking change is the addition of a new non-namespaced class. |
- | ==== php.ini Defaults | + | ===== Proposed PHP Version(s) ===== |
- | If there are any php.ini settings then list: | + | 8.4. |
- | * hardcoded default values | + | |
- | * php.ini-development values | + | |
- | * php.ini-production values | + | |
===== Open Issues ===== | ===== Open Issues ===== | ||
Make sure there are no open issues when the vote starts! | Make sure there are no open issues when the vote starts! | ||
- | |||
- | ===== Unaffected PHP Functionality ===== | ||
- | List existing areas/ | ||
- | |||
- | This helps avoid any ambiguity, shows that you have thought deeply about the RFC's impact, and helps reduces mail list noise. | ||
- | |||
- | ===== Future Scope ===== | ||
- | This section details areas where the feature might be improved in future, but that are not currently proposed in this RFC. | ||
===== Proposed Voting Choices ===== | ===== Proposed Voting Choices ===== | ||
- | Include these so readers know where you are heading and can discuss the proposed voting options. | + | Implement this RFC? (Yes/no, 2/3 approval required.) |
===== Patches and Tests ===== | ===== Patches and Tests ===== | ||
- | Links to any external patches and tests go here. | + | * Proposed PR: https:// |
- | + | ||
- | If there is no patch, make it clear who will create a patch, or whether a volunteer to help with implementation is needed. | + | |
- | + | ||
- | Make it clear if the patch is intended to be the final patch, or is just a prototype. | + | |
- | + | ||
- | For changes affecting the core language, you should also provide a patch for the language specification. | + | |
===== Implementation ===== | ===== Implementation ===== | ||
Line 76: | Line 93: | ||
- a link to the language specification section (if any) | - a link to the language specification section (if any) | ||
- | ===== References ===== | ||
- | Links to external references, discussions or RFCs | ||
===== Rejected Features ===== | ===== Rejected Features ===== | ||
Keep this updated with features that were discussed on the mail lists. | Keep this updated with features that were discussed on the mail lists. |
rfc/not_serializable.1701013140.txt.gz · Last modified: 2023/11/26 15:39 by maxsem