rfc:secure_unserialize
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
| rfc:secure_unserialize [2014/11/17 00:55] – stas | rfc:secure_unserialize [2014/11/23 06:17] – stas | ||
|---|---|---|---|
| Line 61: | Line 61: | ||
| </ | </ | ||
| + | |||
| + | ===== API change ===== | ||
| + | |||
| + | After some thought and discussion, I have decided to slightly change the API: | ||
| + | |||
| + | <code php> | ||
| + | // this will unserialize everything as before | ||
| + | $data = unserialize($foo); | ||
| + | // this will convert all objects into __PHP_Incomplete_Class object | ||
| + | $data = unserialize($foo, | ||
| + | // this will convert all objects except ones of MyClass and MyClass2 into __PHP_Incomplete_Class object | ||
| + | $data = unserialize($foo, | ||
| + | //accept all classes as in default | ||
| + | $data = unserialize($foo, | ||
| + | </ | ||
| + | |||
| + | This will allow to extend the options array in the future if we ever want to add more parameters. No objections were voiced on the list regarding this API change. | ||
| ===== References ===== | ===== References ===== | ||
rfc/secure_unserialize.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1