Both sides previous revisionPrevious revisionNext revision | Previous revision |
rfc:phar_stop_autoloading_metadata [2020/07/22 17:18] – tandre | rfc:phar_stop_autoloading_metadata [2020/08/04 13:43] (current) – close the vote tandre |
---|
* Date: 2020-07-07 | * Date: 2020-07-07 |
* Author: Tyson Andre <tandre@php.net> | * Author: Tyson Andre <tandre@php.net> |
* Status: Voting | * Status: Implemented |
* First Published at: https://wiki.php.net/rfc/phar_stop_autoloading_metadata | * First Published at: https://wiki.php.net/rfc/phar_stop_autoloading_metadata |
* Implementation: https://github.com/php/php-src/pull/5855 | * Implementation: https://github.com/php/php-src/pull/5855 |
Don't unserialize the metadata automatically when a phar file is opened by php. Make PHP unserialize the metadata **only** if ''%%Phar->getMetadata()%%'' or ''%%PharFile->getMetadata()%%'' is called directly. | Don't unserialize the metadata automatically when a phar file is opened by php. Make PHP unserialize the metadata **only** if ''%%Phar->getMetadata()%%'' or ''%%PharFile->getMetadata()%%'' is called directly. |
| |
Additionally, add an ''array $unserialize_options = []'' parameter to both getMetadata() implementations, defaulting to the current default ''unserialize()'' behavior such as allowing any classes. (As an implementation detail, if ''$unserialize_options'' is set to anything other than the default, the resulting metadata won't be cached and this won't return the value from the cache. E.g. ''getMetaData(['allowed_classes' => []])'' after ''setMetadata(new stdClass())'' will likely trigger a ''unserialize(['allowed_classes' => []])'' call internally.) | Additionally, add an ''array $unserialize_options = []'' parameter to both getMetadata() implementations, defaulting to the current default ''unserialize()'' behavior such as allowing any classes. (As an implementation detail, if ''$unserialize_options'' is set to anything other than the default, the resulting metadata won't be cached and this won't return the value from the cache. E.g. ''%%getMetaData(['allowed_classes' => []])%%'' after ''setMetadata(new stdClass())'' will likely trigger a ''%%unserialize(['allowed_classes' => []])%%'' call internally.) |
| |
This implements one possible solution for https://bugs.php.net/bug.php?id=76774 | This implements one possible solution for https://bugs.php.net/bug.php?id=76774 |
| |
Yes/No, requiring 2/3 majority to stop automatically unserializing metadata. | Yes/No, requiring 2/3 majority to stop automatically unserializing metadata. |
Voting started on 2020-07-21 and ends 2020-08-04. | Voting started on 2020-07-21 and ended 2020-08-04. |
| |
<doodle title="Stop automatically unserializing Phar metadata outside direct getMetadata() calls" auth="tandre" voteType="single" closed="false"> | <doodle title="Stop automatically unserializing Phar metadata outside direct getMetadata() calls" auth="tandre" voteType="single" closed="true"> |
* Yes | * Yes |
* No | * No |
===== Changelog ===== | ===== Changelog ===== |
| |
0.4: Change from ''getMetadata($allowed_classes = ...)'' to ''getMetadata(array $unserialize_options = [])'' in this document. I forgot about max_depth being added in php 8.0 and the usefulness of being able to support future options added to unserialize() without changing the signature of getMetadata. | 0.4: Change from ''getMetadata($allowed_classes = ...)'' to ''getMetadata(array $unserialize_options = [])'' in this document. I forgot about max_depth being added in php 8.0 and the usefulness of being able to support future options added to unserialize() without changing the signature of getMetadata. Elaborate on implementation details ''$unserialize_options'' would lead to when setMetaData is called before ''%%$pharFileOrEntry->getMetadata(['allowed_classes' => $classes])%%'' |
| |
0.3: Clarify wording, add link to RFC announcement thread. Remove inapplicable ini defaults section. | 0.3: Clarify wording, add link to RFC announcement thread. Remove inapplicable ini defaults section. |
| |
0.2: Link to implementation. | 0.2: Link to implementation. |