rfc:secure_unserialize
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
rfc:secure_unserialize [2014/11/03 21:06] – stas | rfc:secure_unserialize [2014/11/23 06:18] – stas | ||
---|---|---|---|
Line 36: | Line 36: | ||
$data = unserialize($foo, | $data = unserialize($foo, | ||
</ | </ | ||
+ | |||
+ | See API Update below. | ||
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== | ||
Line 56: | Line 58: | ||
Vote started on 2014-11-03 and is open until 2014-11-10 23:59:59 PST. | Vote started on 2014-11-03 and is open until 2014-11-10 23:59:59 PST. | ||
- | <doodle title=" | + | <doodle title=" |
* Yes | * Yes | ||
* No | * No | ||
</ | </ | ||
+ | |||
+ | ===== API change ===== | ||
+ | |||
+ | After some thought and discussion, I have decided to slightly change the API: | ||
+ | |||
+ | <code php> | ||
+ | // this will unserialize everything as before | ||
+ | $data = unserialize($foo); | ||
+ | // this will convert all objects into __PHP_Incomplete_Class object | ||
+ | $data = unserialize($foo, | ||
+ | // this will convert all objects except ones of MyClass and MyClass2 into __PHP_Incomplete_Class object | ||
+ | $data = unserialize($foo, | ||
+ | //accept all classes as in default | ||
+ | $data = unserialize($foo, | ||
+ | </ | ||
+ | |||
+ | This will allow to extend the options array in the future if we ever want to add more parameters. No objections were voiced on the list regarding this API change. | ||
===== References ===== | ===== References ===== |
rfc/secure_unserialize.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1