Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:118566
Return-Path: <tim@bastelstu.be>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 65688 invoked from network); 5 Sep 2022 17:20:06 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 5 Sep 2022 17:20:06 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 6302B180538
	for <internals@lists.php.net>; Mon,  5 Sep 2022 10:20:04 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS24940 176.9.0.0/16
X-Spam-Virus: No
X-Envelope-From: <tim@bastelstu.be>
Received: from chrono.xqk7.com (chrono.xqk7.com [176.9.45.72])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon,  5 Sep 2022 10:20:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bastelstu.be;
	s=mail20171119; t=1662398401;
	bh=4uvBufvy5+BL0lIM5Wl+JWsoJGhE1HGy6dIV8Yl7fkw=;
	h=Date:To:From:Subject:From;
	b=a3QnFwU8Mdc/uW1iYtqRSFYYracelfBc79O6eFUQLrPFhFNw2aJ5XQpQJ6Tj2lG5F
	 iSm5Kbx22A1ikcJeg6LfPvn5KIqzjZX2KMPO26tEIpsvv8UklCcCzuVf11/fVHiFur
	 AhjY5YTWhbEzyc/rCmgmZvBTNGhrvzshrDjNlvUXy4+C/8CT0arLylxYLgQz41UwTc
	 0YJpabNzUqrh27+BW3QeN7tGEI64aJcQNkeDJYvCFukudsHXbtKeYFSVXevPvlBKE/
	 URdUPqTN3220Qyt9VvenLFRoCpzaauzC1zVFLdwUhd8O37pEiVUe1bpFlEqrTut7G2
	 gACLlTGjrVArg==
Message-ID: <530b3a9d-0ee4-6061-8c69-df672d238032@bastelstu.be>
Date: Mon, 5 Sep 2022 19:20:00 +0200
MIME-Version: 1.0
Content-Language: en-US
To: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Subject: RFC [Discussion]: Improve unserialize() error handling
From: tim@bastelstu.be (=?UTF-8?Q?Tim_D=c3=bcsterhus?=)

Hi

I've now written up an RFC as a follow-up for the "What type of 
Exception to use for unserialize() failure?" thread [1]:

----

RFC: Improve unserialize() error handling
https://wiki.php.net/rfc/improve_unserialize_error_handling

Proof of concept implementation is in:

https://github.com/php/php-src/pull/9425

Discussion period for that RFC is officially opened up.

----

The primary point of discussion in the previous mailing list thread and 
in the PR comments is whether unserialize() should continue to emit 
E_WARNING or whether that should consistently be changed to an 
Exception. As of now I plan to explicitly vote on this and the RFC 
contains some opinions on that matter.

Best regards
Tim Düsterhus

[1] https://externals.io/message/118311