rfc:not_serializable
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
rfc:not_serializable [2023/12/09 11:54] – maxsem | rfc:not_serializable [2023/12/10 12:31] (current) – maxsem | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== PHP RFC: # | ====== PHP RFC: # | ||
* Version: 1.0 | * Version: 1.0 | ||
- | * Date: 20123-11-26 | + | * Date: 2023-11-26 |
* Author: Max Semenik, maxsem.wiki@gmail.com | * Author: Max Semenik, maxsem.wiki@gmail.com | ||
- | * Status: | + | * Status: |
* First Published at: http:// | * First Published at: http:// | ||
Line 26: | Line 26: | ||
</ | </ | ||
- | Not only is this method bulky, it's also less readable. It also lacks a way for various code analysers | + | Not only is this method bulky, it's also less readable. It also lacks a way to indicate the intention to various code analysers |
===== Analysis ===== | ===== Analysis ===== | ||
Line 37: | Line 37: | ||
* Wrappers for all the above. Imagine a PDO wrapper that creates connections on demand. If the connection hasn't been established yet, its serialization will succeed, which results in unpredictable behavior. | * Wrappers for all the above. Imagine a PDO wrapper that creates connections on demand. If the connection hasn't been established yet, its serialization will succeed, which results in unpredictable behavior. | ||
* Secret information that shouldn' | * Secret information that shouldn' | ||
- | * Security-sensitive classes that are unsafe to unserialize with arbitrary data. | + | * Security-sensitive classes that are unsafe to unserialize with arbitrary data ([[https:// |
===== Proposal ===== | ===== Proposal ===== | ||
Line 51: | Line 51: | ||
</ | </ | ||
- | This change | + | The non-serializable flag is inherited by descendants: |
+ | |||
+ | <code php> | ||
+ | class MyOtherClass extends MyClass | ||
+ | { | ||
+ | } | ||
+ | |||
+ | serialize(new MyOtherClass()); | ||
+ | </ | ||
+ | |||
+ | The above requires no changes to the engine whatsoever, all functionality is already present - it merely gets exposed to userspace. | ||
+ | |||
+ | This feature will be exposed to reflection by the following additions to ReflectionClass: | ||
+ | |||
+ | <code php> | ||
+ | public const int IS_NOT_SERIALIZABLE = ZEND_ACC_NOT_SERIALIZABLE; | ||
+ | |||
+ | public function isSerializable(): | ||
+ | </ | ||
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== |
rfc/not_serializable.1702122871.txt.gz · Last modified: 2023/12/09 11:54 by maxsem