Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:118568
Return-Path: <george.banyard@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 25375 invoked from network); 6 Sep 2022 11:14:29 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 6 Sep 2022 11:14:29 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id D980A1804FF
	for <internals@lists.php.net>; Tue,  6 Sep 2022 04:14:28 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <george.banyard@gmail.com>
Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue,  6 Sep 2022 04:14:25 -0700 (PDT)
Received: by mail-pf1-f175.google.com with SMTP id c198so1154965pfc.13
        for <internals@lists.php.net>; Tue, 06 Sep 2022 04:14:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date;
        bh=NYK288Zg7yRJln+gvIaIkuv7MUM+/bQhmYS4OF3fNI8=;
        b=h2zcM8DRIhO+yX9LFEQVMNZxEMLS2ze85OQdJ0badpPvvSL4+KsVyUvYhWstXnTrvj
         wCeY+YrG+MRLkrMYvAflF1YWQp5oE2a0NZMiEpH/b6JX34jRW1AJlnATcykIf3OnCsge
         16WSucRjaACcZUDGIjYqQ9CCaQtbTXpuwW/d28cEqe+poVuWYrZ2uqr0kgC0IpXQLaz4
         yrGBWEhUCKFUSfp3oy//m/LRh9pVA3AZyLgewqBkRDuZaNnHl5qM+/nJWc9uFiq4P4dp
         QUFCisR/i7Hjn0Av6YvWWZJTfwPFwi3nb5IHQTqH6y9PtjhTCCwkHGIGO7+UZuctMm48
         rohg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date;
        bh=NYK288Zg7yRJln+gvIaIkuv7MUM+/bQhmYS4OF3fNI8=;
        b=FSlSuCSDx6lhmXYDrk2jx6RwHX/PgsYDFHjQKolYTNiKVEtTAF+/WjfTXs/h/xm/s/
         S29CYnPPxJ4MccpmxeZb9k54/GaSk1hdQlxBnMEc3u0mU4jpWp21/D39Ak12zqpIqEse
         0JMD/vJ8876NDKu4Q5J4irnnAAtz45Sq+SZBQNugzw7aiQsRvKRbTnxxxxCv+yqcncIw
         41CKY0OH8KOn4lZ3csR9asYbuCvP9vYW0Ar4VZYQzYJpnAW6T0RMR/bhLUTCCuBtUezr
         BK1k5wlWWP/6OxISSAgB5jrYPQhA3moSCo8NMm39Vf/tPsL7aJyA6nVvDEfx1YkIOiQe
         CqPQ==
X-Gm-Message-State: ACgBeo35XbiUF57fZp7kh/OFBTct/Qxw1RzQ8lQgTdse4s0HNziFDn77
	xAsGyQgpO5xMphIpjRelVvFOyGpz9WC14+PCBrjNM102Z7A=
X-Google-Smtp-Source: AA6agR7py5c/4ZkqKxATaLIl2dMA8/c4SLrdU3gxWcXRYWoxxfiogPzovEb7mdUoCgULne3JwvXUc4lMFVVKyjsh98c=
X-Received: by 2002:a05:6a00:a05:b0:534:b1ad:cfac with SMTP id
 p5-20020a056a000a0500b00534b1adcfacmr53724215pfh.35.1662462864245; Tue, 06
 Sep 2022 04:14:24 -0700 (PDT)
MIME-Version: 1.0
References: <530b3a9d-0ee4-6061-8c69-df672d238032@bastelstu.be>
In-Reply-To: <530b3a9d-0ee4-6061-8c69-df672d238032@bastelstu.be>
Date: Tue, 6 Sep 2022 12:14:13 +0100
Message-ID: <CAFPFaMJ0V8vZC2inepmZcTQeR0b0+NXgBFSFosPM90kWY3KUDQ@mail.gmail.com>
To: =?UTF-8?Q?Tim_D=C3=BCsterhus?= <tim@bastelstu.be>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="00000000000079c52a05e8004ca7"
Subject: Re: [PHP-DEV] RFC [Discussion]: Improve unserialize() error handling
From: george.banyard@gmail.com ("G. P. B.")

--00000000000079c52a05e8004ca7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, 5 Sept 2022 at 18:20, Tim D=C3=BCsterhus <tim@bastelstu.be> wrote:

> Hi
>
> I've now written up an RFC as a follow-up for the "What type of
> Exception to use for unserialize() failure?" thread [1]:
>
> ----
>
> RFC: Improve unserialize() error handling
> https://wiki.php.net/rfc/improve_unserialize_error_handling
>
> Proof of concept implementation is in:
>
> https://github.com/php/php-src/pull/9425
>
> Discussion period for that RFC is officially opened up.
>
> ----
>
> The primary point of discussion in the previous mailing list thread and
> in the PR comments is whether unserialize() should continue to emit
> E_WARNING or whether that should consistently be changed to an
> Exception. As of now I plan to explicitly vote on this and the RFC
> contains some opinions on that matter.
>
> Best regards
> Tim D=C3=BCsterhus
>
> [1] https://externals.io/message/118311
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: https://www.php.net/unsub.php
>
>
Thank you Tim for the thorough investigation.
I didn't know how bad the situation was in regards to unserialization.
So I'm now tending in favour of promoting the notice/warnings to exceptions
as it is currently extremely hard to handle the behaviour correctly.

Best regards,

George P. Banyard

--00000000000079c52a05e8004ca7--