Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:118609
Return-Path: <danack@basereality.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 26461 invoked from network); 12 Sep 2022 11:19:40 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 12 Sep 2022 11:19:40 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id A9EFD1804A7
	for <internals@lists.php.net>; Mon, 12 Sep 2022 04:19:37 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40,DKIM_SIGNED,
	DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <danack@basereality.com>
Received: from mail-vk1-f173.google.com (mail-vk1-f173.google.com [209.85.221.173])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 12 Sep 2022 04:19:37 -0700 (PDT)
Received: by mail-vk1-f173.google.com with SMTP id 134so4028565vkz.11
        for <internals@lists.php.net>; Mon, 12 Sep 2022 04:19:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=basereality-com.20210112.gappssmtp.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date;
        bh=Oi+I3MUFv8dFdzSdOCg9K+R9o+COPb2b0l0ptObdyQI=;
        b=D9pY9dVSKa6fyMsTOBpzqeZsiYJ5ePQ7/mpLZaHPpVv+KRMzQpbqeR8BDDnYpHwV6H
         9xrpS+IXoYOfCyr2DwkGfsl2nkJawrK+QHKsa0g6aUNbHKBAG+ssatA7r7UV7jNLJmeB
         7KcC6dXS0WlfH2WxGC+7LTa19OTYvN6PZRG5Gvs7IzZrzJVYdIwtpMmd9QWPnSxQHzC5
         MwtfKWn1/1MUhkdTQgBhqB+mHeOel1sq70iXGHp2Rd7NDwp2ZAhKhvWWwM6+sxKAUX0k
         /BWiSh6x/3ln04zVLhecqsEpev5o9y7rXU0E3kV0mo1m2UizXpMzRD12RzjGBGS8nW64
         j2Xg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date;
        bh=Oi+I3MUFv8dFdzSdOCg9K+R9o+COPb2b0l0ptObdyQI=;
        b=tre6QrfUMSfE1xY+hs7JDahXv+SZRMti38+hl6+NVkQlIr2PfJZ8etS7tOP9RaNc2I
         7n9cijB63MDwXmreUwqRXSI4bAdeKFq8FtAGSzrAVwJHvouVZTjEHBiLks9Z9b7t6WKq
         OnlwoFgLcqtxNYJofShU8znn8y3xZ7wfbyFrgtccgIRqyNByE+AoUvwJqXyxQcGSRgDE
         Q3SRMlbqSsu/+ZB5RSjZdOJ5BUGi6k+Zp2ZBMZIKU/FsUXa31FhLmVFCVf+rHJaNev7A
         Qx65c/hHcJHiRLc0w1qG2LjKyO/+m8dkwiOVZKyfLutCMlAWN60gPWtFNZuahrxa0/ZM
         O2wA==
X-Gm-Message-State: ACgBeo0dtugfmtoqmhV7nykNtZ9KlXqcjq13f7zAD5KFntmi37y3HFG6
	iDcwvONrvFtmklsi7n/K8oNzxa+hgQ9n7ThgLwOq5Q==
X-Google-Smtp-Source: AA6agR6HWjWcIUfF7W+uEy+eRT7qh/lMAGcGsUos0TpfypTAAXEAabwh5sA/8GlaD4PIjSx4HC2uO2k+DGt0na9Xk1k=
X-Received: by 2002:a1f:2548:0:b0:3a2:5fbb:6485 with SMTP id
 l69-20020a1f2548000000b003a25fbb6485mr497062vkl.18.1662981576428; Mon, 12 Sep
 2022 04:19:36 -0700 (PDT)
MIME-Version: 1.0
References: <530b3a9d-0ee4-6061-8c69-df672d238032@bastelstu.be> <CAOWwgpnQuRMv4Uv=bM+QNBPeUC8BCk4f1kYOcg8EUrYD1WoRzQ@mail.gmail.com>
In-Reply-To: <CAOWwgpnQuRMv4Uv=bM+QNBPeUC8BCk4f1kYOcg8EUrYD1WoRzQ@mail.gmail.com>
Date: Mon, 12 Sep 2022 12:19:25 +0100
Message-ID: <CA+kxMuR+AdK3YUdU_oNb5D1tgqGaK7gMJZZyNO5+jMXbz4HZfg@mail.gmail.com>
To: Nicolas Grekas <nicolas.grekas+php@gmail.com>
Cc: =?UTF-8?Q?Tim_D=C3=BCsterhus?= <tim@bastelstu.be>, 
	PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Subject: Re: [PHP-DEV] RFC [Discussion]: Improve unserialize() error handling
From: Danack@basereality.com (Dan Ackroyd)

Hi Nicolas,

On Thu, 8 Sept 2022 at 18:06, Nicolas Grekas
<nicolas.grekas+php@gmail.com> wrote:
>
> There needs to be serious justification for it.

I think this is covered by the RFC.

The current behaviour where people have to setup a custom error
handler, and then restore the previous error handler, is pretty
'ungood'.

The proposed replacement behaviour, where people can actually find out
the problem that happened is better.

> About 2., unserialize() accepts a second argument to give it options. Did
> you consider adding a 'throw_on_error' option to opt-in into the behavior
> you're looking for?

A new option might be a good idea, but unserialize should have
sensible defaults, and the current behaviour is really not that
sensible.

So, imo, an opt-out would be a better choice. It would allow anyone
who cares enough to keep backwards compatibility when they upgrade to
the next version of PHP by adding that to the options array, but
everyone who is unaware of the option gets the more sensible behaviour
by default.

cheers
Dan
Ack