rfc:phar_stop_autoloading_metadata

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
rfc:phar_stop_autoloading_metadata [2020/07/21 13:27] – Start voting tandrerfc:phar_stop_autoloading_metadata [2020/07/22 17:23] tandre
Line 1: Line 1:
 ====== PHP RFC: Don't automatically unserialize Phar metadata outside getMetadata() ====== ====== PHP RFC: Don't automatically unserialize Phar metadata outside getMetadata() ======
-  * Version: 0.3+  * Version: 0.4
   * Date: 2020-07-07   * Date: 2020-07-07
   * Author: Tyson Andre <tandre@php.net>   * Author: Tyson Andre <tandre@php.net>
Line 18: Line 18:
 Don't unserialize the metadata automatically when a phar file is opened by php. Make PHP unserialize the metadata **only** if ''%%Phar->getMetadata()%%'' or ''%%PharFile->getMetadata()%%'' is called directly. Don't unserialize the metadata automatically when a phar file is opened by php. Make PHP unserialize the metadata **only** if ''%%Phar->getMetadata()%%'' or ''%%PharFile->getMetadata()%%'' is called directly.
  
-Additionally, add an ''$allowed_classes'' parameter to both getMetadata() implementations, defaulting to the current behavior of allowing any classes (true)This will be passed to the call to ''unserialize()'' performed internally.+Additionally, add an ''array $unserialize_options = []'' parameter to both getMetadata() implementations, defaulting to the current default ''unserialize()'' behavior such as allowing any classes. (As an implementation detail, if ''$unserialize_options'' is set to anything other than the default, the resulting metadata won't be cached and this won't return the value from the cache. E.g. ''%%getMetaData(['allowed_classes' => []])%%'' after ''setMetadata(new stdClass())'' will likely trigger a ''%%unserialize(['allowed_classes' => []])%%'' call internally.)
  
 This implements one possible solution for https://bugs.php.net/bug.php?id=76774 This implements one possible solution for https://bugs.php.net/bug.php?id=76774
Line 39: Line 39:
  
 Yes/No, requiring 2/3 majority to stop automatically unserializing metadata. Yes/No, requiring 2/3 majority to stop automatically unserializing metadata.
 +Voting started on 2020-07-21 and ends 2020-08-04.
  
 <doodle title="Stop automatically unserializing Phar metadata outside direct getMetadata() calls" auth="tandre" voteType="single" closed="false"> <doodle title="Stop automatically unserializing Phar metadata outside direct getMetadata() calls" auth="tandre" voteType="single" closed="false">
Line 60: Line 61:
  
 ===== Changelog ===== ===== Changelog =====
 +
 +0.4: Change from ''getMetadata($allowed_classes = ...)'' to ''getMetadata(array $unserialize_options = [])'' in this document. I forgot about max_depth being added in php 8.0 and the usefulness of being able to support future options added to unserialize() without changing the signature of getMetadata. Elaborate on implementation details ''$unserialize_options'' would lead to when setMetaData is called before ''%%$pharFileOrEntry->getMetadata(['allowed_classes' => $classes])%%''
  
 0.3: Clarify wording, add link to RFC announcement thread. Remove inapplicable ini defaults section. 0.3: Clarify wording, add link to RFC announcement thread. Remove inapplicable ini defaults section.
  
 0.2: Link to implementation. 0.2: Link to implementation.
rfc/phar_stop_autoloading_metadata.txt · Last modified: 2020/08/04 13:43 by tandre

Page Tools