Newsgroups: php.internals
To: PHP Internals List
Date: Tue, 4 Aug 2020 13:46:22 +0000
Subject: Re: [VOTE] Don't automatically unserialize Phar metadata outside getMetadata()
From: tysonandre775@hotmail.com (tyson andre)

Hi internals,

> I've started the vote on https://wiki.php.net/rfc/phar_stop_autoloading_metadata
> as announced earlier in https://externals.io/message/110871
> ([RFC] Don't automatically unserialize Phar metadata outside getMetadata())
>
> This adds the mitigations described in https://externals.io/message/105271#105291 ,
> which seemed to be the most straightforward approach to avoiding unexpected side effects of unserialization.

The vote has passed with 25 yes votes and 0 no votes.

Thanks,
- Tyson