Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:118466 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 29395 invoked from network); 25 Aug 2022 15:06:53 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 25 Aug 2022 15:06:53 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id B7E191804A9 for ; Thu, 25 Aug 2022 08:06:51 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS24940 176.9.0.0/16 X-Spam-Virus: No X-Envelope-From: Received: from chrono.xqk7.com (chrono.xqk7.com [176.9.45.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 25 Aug 2022 08:06:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bastelstu.be; s=mail20171119; t=1661440008; bh=CCrJIhSGW2n4BElZxzfiRBFVE+Gd7WVnq70kL1Vld+4=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=RTCcXWGKztMXApjyfEFnObD+sz6cn3Ja4Pm8yza1e53WxFNZo2EHFoPFj0j6w8jAg VoWYojm1oIgq76BtJ+pb75QqaZZ2Iw9rmA5OwcDpqsJwalOXHr6BlgwXLSYD7XCemi TvNuEjNTpeLKwyCXo7X3kBb3TcKHFvRCf/MYvkkAyp39aveeHVs8hJqIqs62NpCBaC L6BoU6vX+R0MWrGE4rCQxoRIN6CiN0xkFxq6SAn+OPMZ2h9nkJDtTBiALie/KPEXbP 5mfD73k25/TNAOroiiWzxYZtJGH4hV6fdCqaxg9CTjyZdRsgNOFQpag6eT965ZiY4Z mK0Q6H7YXUiPA== Message-ID: <86a071f4-41ee-33e0-92cd-2a76d5b480d8@bastelstu.be> Date: Thu, 25 Aug 2022 17:06:48 +0200 MIME-Version: 1.0 Content-Language: en-US To: "G. P. B." Cc: PHP internals References: <302000df-5c3f-a86c-a608-2a45d2726ab1@bastelstu.be> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: [PHP-DEV] What type of Exception to use for unserialize() failure? From: tim@bastelstu.be (=?UTF-8?Q?Tim_D=c3=bcsterhus?=) Hi On 8/1/22 14:58, G. P. B. wrote: >> - Add a new UnserializationFailureException extends Exception (or >> whatever color the bikeshed should have). Any existing catch blocks >> should still match, as Exception is more general. It would break for >> ext/spl, though. Unless UnserializationFailureException extends >> UnexpectedValueException. >> > > As we would be breaking BC with ext/date anyway I think having it just > extend Exception would be fine > > >> - Add a helper function that throws this Exception with a consistent >> wording. >> - Upgrade unserialize() from Notice to UnserializationFailureException. >> > > Notice to Exception might be a big jump, E_WARNING definitely an then > promote to an Exception in 9.0 is probably more in line with what we did > for 7.x/8.0 > I've created a PoC implementation here: https://github.com/php/php-src/pull/9425. - Instead of requiring everyone to adjust their `__unserialize()` implementation, the PoC instead wraps any exception that is thrown during unserialization into the UnserializationFailureException. That way, classes can emit their own meaningful error messages, while developers can just catch `UnserializationFailedException` to handle everything. - I've noticed that 'unserialize()' already emits E_WARNING for some types of error (e.g. out-of-bounds integers), so users already need to be prepared for E_WARNING to be emitted. I've adjusted the aforementioned Notice to Warning, but we might be able to directly jump to UnserializationFailedException from the existing warnings? Of course I also plan to create a proper RFC for this, once PHP 8.2 RC dust has settled a bit. Best regards Tim Düsterhus