Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:118814 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 46691 invoked from network); 14 Oct 2022 20:42:26 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 14 Oct 2022 20:42:26 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 8C80B1804F8 for ; Fri, 14 Oct 2022 13:42:24 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Fri, 14 Oct 2022 13:42:24 -0700 (PDT) Received: by mail-wm1-f47.google.com with SMTP id c3-20020a1c3503000000b003bd21e3dd7aso6365353wma.1 for ; Fri, 14 Oct 2022 13:42:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=x4+HwERHqZIC3zIhduf42OFg0a8s0nlHMRPnUTax2Zg=; b=K/wPHOpyNh0II7TOGpscMhEujqlVxi9a0bqXWcykRL7zsM7EICk7lvvES4d6skTvmL TzL4LzMxifJkY1oCeYsHCzWAvg+CNmIwGJFIVF39C6jhZpLA57zW4XIOH1z9M5M0OZHE CE4/gqQMiGheonLy0iWhQ//11vFeIl7/cvC0h2RunOnlAoNcu/h54wXfdkvwpxp2EmVe CxnjSm4TfC3PG2JHVHBd4f95HWhtS2RV3IdM/B4a49H/bedNDN2Uas7MyIj6ROyARQZp Go9hMXdAVMHVKgydFQb0NoBjmFs18r2ugmlLGc8sZHsrnZPJlmFzsegVuSa25CmkBabg c/Pw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=x4+HwERHqZIC3zIhduf42OFg0a8s0nlHMRPnUTax2Zg=; b=2SslWQkm9NPuOVcNgNVh1jdjgUccLxGtB6Z9Pywf42TnicDHPSBmgm068ybON3huGL DRKYDrelp/5r41mKVnyBExkOPpvquAuymM/knp21p+4vCTQS/nYasKFjQTC14Wr54DVE f2Ulx9+lUiISHYDyqmqbCOJUqSs4HfyTd4p1oTRjZNAGSJ/D0OyDwbCw9tXd8mka83WM 9KwqjG3xLod2mV+GAnskyyKbm3JjW1ih3+Y94KiSOiIidVnEBWD8wrsmM9p1ilVxCyAP LxsazKPT5XTP4n1dcYDey7LBwoSOXpcgPUP2jx4sjwoeJy2/hJy4gV/R87wQytX0YLEY Q5Yg== X-Gm-Message-State: ACrzQf3fpHvuhEGPzEiz1ul2zFCLeLiH6RfkaUQ+OPvSQwDvvBPapCS9 WDgZxj4xWaclqjKf008XeMoshM4wKZw1364QDC8Avte6rIE= X-Google-Smtp-Source: AMsMyM5y4W36ckTZSmowotoL5BKosu9qDxBCW+WFhzFrEkiE3wevjU3gzQIhAxGVEOoeuTWrA2brXBiR9oe6z/Z82+o= X-Received: by 2002:a05:600c:198d:b0:3b4:a62c:a085 with SMTP id t13-20020a05600c198d00b003b4a62ca085mr11107510wmq.140.1665780142654; Fri, 14 Oct 2022 13:42:22 -0700 (PDT) MIME-Version: 1.0 References: <22177032-fe72-c39b-63fe-fa4368a70852@bastelstu.be> In-Reply-To: <22177032-fe72-c39b-63fe-fa4368a70852@bastelstu.be> Date: Fri, 14 Oct 2022 22:42:10 +0200 Message-ID: To: =?UTF-8?Q?Tim_D=C3=BCsterhus?= Cc: PHP internals Content-Type: multipart/alternative; boundary="000000000000ad48b405eb04a98a" Subject: Re: [PHP-DEV] [VOTE] Improve unserialize() error handling From: nicolas.grekas+php@gmail.com (Nicolas Grekas) --000000000000ad48b405eb04a98a Content-Type: text/plain; charset="UTF-8" Hi Tim, as announced on Wednesday [1] I've now opened the vote for: > > "Improve unserialize() error handling" [2] > > The RFC contains three votes, each of which requires a 2/3 majority. Two > of the votes are for 8.x (8.3), one for 9.0. > > Voting will run 2 weeks until: > > 2022-10-28 at 14:00 UTC > > -------- > > Please find the below resources for your reference: > > RFC: https://wiki.php.net/rfc/improve_unserialize_error_handling > PoC implementation: > - https://github.com/php/php-src/pull/9425 > - https://github.com/php/php-src/pull/9629 > > Discussion Thread: https://externals.io/message/118566 > Related Thread: https://externals.io/message/118311 > > -------- > > [1] https://externals.io/message/118566#118807 > [2] https://wiki.php.net/rfc/improve_unserialize_error_handling > Not sure why I didn't think about it before but I just ran the test suite of Symfony after applying the patch proposed in the RFC to change the way exceptions are handled by unserialize. This change breaks the test suite of 5 separate components. I created this gist to list all the failures: https://gist.github.com/nicolas-grekas/3da652a51669baa40c99bd20e4a1b4dd Maybe I wasn't convincing enough during the discussion period, but that doesn't change the fact that the proposed behavior in the RFC is a very clear BC break that will affect userland significantly. I'm therefore voting NO on the proposal. Cheers, Nicolas --000000000000ad48b405eb04a98a--