Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:103514 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 56383 invoked from network); 27 Nov 2018 02:24:06 -0000 Received: from unknown (HELO mail-pg1-f172.google.com) (209.85.215.172) by pb1.pair.com with SMTP; 27 Nov 2018 02:24:06 -0000 Received: by mail-pg1-f172.google.com with SMTP id g189so6863328pgc.5 for ; Mon, 26 Nov 2018 14:47:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=KSVZUc+zRwggokQ7BuZF9vHaCveqAk4yZ0d90/rKTPM=; b=S/K/6vcd4TX+iVymJZ+KegfrsVfIhv3SNdKCdiyFCElZkJjRQzwJaRqENLS2Gq94ky 63DXPL5yC04egXa+RCTct+CkMrrmRxBkwhCy92KDNHhx6NJmvhd7IWTQjfa1B//8P4IK 8Tr0zCKBLn2wBB4wJKy5cfB11LxQW68eDfw6TtK9ip1F4euX3zgJubaaXvsHtlg3WeQx YlmxFFghUhahvAvLRiulSeZe9lTDW7wTzgifvETrhRfQiZzyJXgsBLI+AWBzfgOcP8+e Xq8TegNMQQwsbHavxK9MZ0OdgF/UtxkPLWEaf2xP5Cr4dEghSVVk+cxkDMpzqClmpyTk vwdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=KSVZUc+zRwggokQ7BuZF9vHaCveqAk4yZ0d90/rKTPM=; b=C6M7zn05MOMGZ83UDbvol7JXgdCtjyccZ5JC5Beo/BXSgEDFJGNXq/9IT2q509BtJ/ SyTfZ30WyJ60KxiheN2iPvVienHU5vaTDid0/TCv/1ep5j9GJSMpAj6xZ4rvghXIYmz4 TKbNorKCBe1MX+fZZCqjIICjMxubSb53421P0crVFyS7AdebodPzQGEoqEClsMcHVc9s LM6zepzWBTOUc97MNVMUctlU+SN/f6SZWxmGHWu1ftiteQO/JGwtw0qURKmUI7AxdH66 h75LH7SEpoJ407aNyGFUsrEjToDwoqVuefKfxCMoQcipJ6bVj+u2G/neCjNBK68yG1UI XOXA== X-Gm-Message-State: AA+aEWbkbNoxEOUCSV/WCflP/K+LF9scm3h71aBB+K+SQFtc9HCsgYW7 lR5tpvbXux6mwYM4cCr9arHDKWzJfQ== X-Google-Smtp-Source: AFSGD/Womf2spyHW581KO+8ysc5aJZYOLIrBgP6VIMqIKBlEhblIUwCCb8LX0uTmf2t2pIfJiC1RYQ== X-Received: by 2002:a65:4646:: with SMTP id k6mr26245331pgr.153.1543272452812; Mon, 26 Nov 2018 14:47:32 -0800 (PST) Received: from Stas-Pro-2016.lan (c-24-4-176-254.hsd1.ca.comcast.net. [24.4.176.254]) by smtp.gmail.com with ESMTPSA id z13sm1511464pgf.84.2018.11.26.14.47.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 26 Nov 2018 14:47:32 -0800 (PST) To: Nikita Popov , PHP internals References: Openpgp: preference=signencrypt Autocrypt: addr=smalyshev@gmail.com; prefer-encrypt=mutual; keydata= xsJuBE9mqaARCACFSqcGmNunkjQQu3X+yXnTmFeEkvM4JXZTOBdR8aEevNGmmFEfyvjaDjWi 9hcwp4E/lYtC+P7VsVjM1OSX9eq0jC/lGL0ZyRXek+mNy0n5H1NSuTpf9Y18LMqhc4G+RU+L cNiZ9K0DJuOOvNLPxW7OHZguxb3wdKPXNVa2jyRfJAKm2uaJJMT1mTmFT9a0Q8SKr+mUrrJk uG0H2o6SzrKt8Wwoint1eh67zVsJaJtQFchnEZnlawIcqP2yC4nLGR3MkubowxoEBYCZet18 aHVVRbvpG2Qtob8Lu5xrsGbmXymTkHTdpvkfcJFADa8MzOL90zOxXwbGfbIZOlh5En8jAQCX lfnx2eQL3BSW/6XANa51dbWiEp1d1BAkpGKtZvlk0Qf+M9WAi+9aXMe3xP5krxtgnRNUf2WN 6Zdy2MxL1RRJCFbytLhl0ronC49BsGYVGshdEH8xhBbiIOJKuVZ/DTl9bEm7P9c7CC7iJyVC khUAhouH6xzZQNLR+RU+QebYzXypVfl99Qk7EdMmr/WAZCHLuvanyqepC5EBsa3VnAfQemSN oBeGBKWWLiOsPjvS72+y1z4RUMAfXHn4l/sFMt8zt7/74AmJPwZquV41p4mPO12V4+xPyc6R sB84sfsk2QVivU8w8AkvGQeYjXoz7Iwao95+fWteVzZ36KRQvUckP8pGjHlDXnHxJ0HI1I/k OBZSjwRwUf0dd73y6erPhbLk+gf+NdI3H9KGJBzG5/rVyWKwUeQ9d5ud4jTJRkQGvAP5pg76 vEa9dogbpe4W5Z+0BfbiJSnQmQWSHiZddj/t33ptbup44Ck6ZTgdlmFYMLF1hR47PIZTDKER EuKYGci/vq8snZvEJP9YCw/TtiHcMdrMKcY/+Lp8lQO0GHLPB9glVhnC0db6l1Xpg1CMI8/R ozBMcij30EgATggC/y2zbiqAFoS9FN9nXPbe4phStqABEyeZ+nXudt7PUYTjVgcrqo8bHZCi sBobWC7OnKyUzxVxzUeuPkIfmZuzkLaMw2McQdvwwsNvQ0DzaLP30c1Xsm/7EIYJcOWpzlVJ 5QrdmE0/Bc0yU3RhbmlzbGF2IE1hbHlzaGV2IChQSFAga2V5KSA8c21hbHlzaGV2QGdtYWls LmNvbT7CegQTEQgAIgUCT2aqtAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQL3lW vF2gS12XMwD9HuRIolSwIK77u8EY461y2u6sbX36n5/uo/LDQuxoi3sA/0MvpnvzOhv9Iufv vsZEj3E7i3h+iD5648YMwfTFCij+zsFNBE9mqaAQCADfZPMpjZkkGZj3BY/7ApoLq4mwqzbh +CpLXwNn20tFNvSXfb8RdeXvVEb7Scx+W9qYpiaun2iXJgCVH8fgpZpR856ulT1q6uCG++CX ubEvip/eJkZl93/84h04KQJwsgOrAh0Om3OePRn8Pr+++0LNS0EL8uX/YHeTOGOnnmTqYTey SBVFdov6L4mepddfjekicKQqhL7mZh/xuq29JijT0uNNX8v4vDWQDu5dlAcdd+uB3gcXMD/P ginD11zp+6wtrWCm/+yBqpvDwXQX5PGUnwvbRfl7Ay3MmwmoXiecZMg0dwTSc7e0lhB4HGRH ZdBMJB4rHUVGdzqujK/ctOvrAAMFB/0Utb76Qe6sCMlHxVAmeE/fbo7Pi05btZ/x01r67dHf aMSP0riCKJ7M0OW+jAXtu9+z/BVnYisW67WWfxl2cS5tZDgiHgJARXWUOO72+sScHP8KQmTl 1z16gyKbwY3SmyBkwcpOL35nhUWNLy93syPoY6sZUTikr2bZYukHDQ33XBPs4e6MbWKfsa9q aVmnlOF3k5UqChjutfHaEa4Q7VP4wBIpphHBi9MI16oJIzzBPbGl2uoedjwiZ6QeQZnSuOVY ZxU2d3lRA8PrtfFN1VSlpEm/VcAvtieHUYWHN0wOu+cp3Slr5XJVNjTjJhl28SlinMME54mK AGf2Ldr/dRwXwmEEGBEIAAkFAk9mqaACGwwACgkQL3lWvF2gS126EQD/VVd3FgjLKglClRQP zdfU847tqDK4zJjbmRv5vLLwoE0A+wbrQs7jVGU3NrS0AIl5vUmewpp2BKzSkepy23nWmejw Message-ID: Date: Mon, 26 Nov 2018 14:47:30 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.3.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] Built-in classes that cannot be serialized From: smalyshev@gmail.com (Stanislav Malyshev) Hi! > We should migrate such cases to serialize_deny though. I think it's pretty > weird to explicitly implement __wakeup (signalling that yes, you can be > unserialized), and then use it to throw (sorry, I lied). Throwing in __wakeup does not signal that it can be serialized. What it says that if you try to unserialize it (note that the code doing unserialize is not the same that does serialize and has no control over what the argument string says - it may demand to unserialize anything) it won't work. That _implies_ you shouldn't also serialize it (because what's the point) but the important part is not to produce broken objects from unserialization loop. Also, for CURLFile for example there are additional things that happen on __wakeup besides throwing, probably for security reasons. I am not sure whether they are necessary anymore as we pretty much tell people "don't unserialize external data" but they are there for now. Just moving to _deny handler would probably not keep them. -- Stas Malyshev smalyshev@gmail.com