Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:118435 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 52712 invoked from network); 16 Aug 2022 15:08:13 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 16 Aug 2022 15:08:13 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 66089180505 for ; Tue, 16 Aug 2022 10:11:32 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS24940 176.9.0.0/16 X-Spam-Virus: No X-Envelope-From: Received: from chrono.xqk7.com (chrono.xqk7.com [176.9.45.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 16 Aug 2022 10:11:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bastelstu.be; s=mail20171119; t=1660669890; bh=MZJiYgaO3C71f4GZSiKe6DgHPwydo6TFsbjnbK/rpQ8=; h=Date:Subject:To:References:From:In-Reply-To:From; b=eaOHEgUO1CTuJCMkRl90PdcPJ3x7r9dsvEsUnTQR5mt0jx16pV48J8vmNlJ+uX8Bp sNROdW3j5THa9UEXflSI2+MJJN5B6QpX/bfwufCwVBUpPKasYZq9YNshzFUKNcF5PQ ROV/1TViCabdpFIQpr5OxQJMps1e6yAJixsTSeNvLnxveiJzUUe91LtDFNFBykKVG/ JFA3VantZ360fE1iZurlbL2Neo79hA+aTxpP65RvER1mWmuHa8sxQ0ICV4GDmqCWqN mTXZxVXEopFmbARZWtoeM1yDsYpVWz7EIJKFipz9lQ3O5QrkO63kx0tGHx8Kd7hJxR qWRkBJZfnRt+A== Message-ID: <33d2dab3-baf7-c275-69af-8a3eb4581f64@bastelstu.be> Date: Tue, 16 Aug 2022 19:11:27 +0200 MIME-Version: 1.0 Content-Language: en-US To: Pierrick Charron , Sergey Panteleev , PHP internals References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: [PHP-DEV] Strict properties and unserialization From: tim@bastelstu.be (=?UTF-8?Q?Tim_D=c3=bcsterhus?=) Hi On 8/16/22 18:33, Pierrick Charron wrote: > In this case PHP will not trigger any deprecation warnings but it probably > should. It was something that was not thought about while writing the RFC > (at least the RFC doesn't mention anything about this). Note that for native classes (e.g. the Randomizer from my issue), creating an unknown property is not just a deprecation, but an Error if '@strict-properties' is set: > Fatal error: Uncaught Error: Cannot create dynamic property Random\Randomizer::$foo in php-src/test.php:4 > Stack trace: > #0 {main} > thrown in php-src/test.php on line 4 --- > First we could just do nothing in PHP8.2 about this and leave it like that > and only fix it in PHP8.3. This is probably the way we should do it if we > want to stick to the initial PHP8.2 release cycle calendar. > The second option would be to fix this in PHP8.2 before RC1. We don't have > any idea on how big the patch is and it may influence the final decision. > If patching it for 8.2 is the best way to do, we may want to add another > Beta (Beta4) and delay the RC1 release by 2 weeks. > > We would like to hear your thoughts about this issue. The above example (ZEND_ACC_NO_DYNAMIC_PROPERTIES) technically even affects PHP 8.0 [1]. As such this is not a new issue, but I would recommend treating this as an actual bug and fixing this in PHP 8.2, because my understanding is that this is intended to protect internal classes: https://github.com/php/php-src/commit/653e4ea1c57def2d5cd75b7da9e3943a841b7d6c and https://github.com/php/php-src/pull/5533#discussion_r422474377 It might be useful to include nikic in the discussion here? [1] In 8.0 none of the native classes having that flag are unserializable, though. Best regards Tim Düsterhus