Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:119106 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 72845 invoked from network); 10 Dec 2022 10:06:06 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 10 Dec 2022 10:06:06 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 4C2FA18050B for ; Sat, 10 Dec 2022 02:06:05 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,MISSING_HEADERS, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-oa1-f42.google.com (mail-oa1-f42.google.com [209.85.160.42]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sat, 10 Dec 2022 02:06:04 -0800 (PST) Received: by mail-oa1-f42.google.com with SMTP id 586e51a60fabf-1443a16b71cso2657483fac.13 for ; Sat, 10 Dec 2022 02:06:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=RXLgAhCdkcJEzNT7VhC91bGp0QmbVFGVIsVOS93UbMs=; b=ZDZPbtlZCYTPNBGgl2G3osX/1RB4FQQDSZjiG1Fp3FX8iEsV71bBipTxjuVCushPC1 eYJ7XdcjetXIghA/EME0qu9JnbSxeuXmMcSNPyhBDsa8Gr80biiOlHGFndCVTKz8rx7E K8ktNHDo75+376U6e9HlV1BycgjL50gdPpOb98VYin+ewt5kMpUyaQ5P1kHCoA/bk3rv wmnVaQF31Ajppp6fjq7d0dntB9ZFbzb18/9nVZJ+ybvPo8xNLS63WX1CShdrd3lSJ67Q /74tLBK/0qrgZXF8F5Mg8kXHazPA6sgGyfSCd2y8bWvwLx2dGP4Uv9C3tIKMDM7xVjV3 NbZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RXLgAhCdkcJEzNT7VhC91bGp0QmbVFGVIsVOS93UbMs=; b=pIXELQRjzcVDwXoHXWqt5UZW7jBRTA0HWdJC2RFBjcGbErnBrxdkHPBEACdeKGmEg6 FBDeOZiWCCaAL69LiRZjIpQNF+HmumsuW9E6TUuvEd99u2/HTMPTSD+e0InzGwn+35MI 7hqu+dvWUQCQl6Lq8mTpMsdzltMk/0bK0sR1Ac2Ln8ljIZJTdCMumI1QCQ6v2GhRX7Wr N4E0nYyXbG3UJudQZK+CdpVsLEPwxjb6X2N9mtEUEYiMIV9qQRSJsMKsEvZuUzfRyIHy YLYQW7WanY9p0C4YM84E88L2U1zQ7YlerxbibSVHX3XX5OvHAs5Q5LSoCPcInfX8wxD1 P+hw== X-Gm-Message-State: ANoB5pkRn8xcY27nsOD/K5XnL0kXq7nSI6bWg8VbKTTEppkSsje3QhuG TRJAmqrt3p+0u9NAIzs/uoCZ6a6STrtupacvl/cXXZC2/ltSmlZd X-Google-Smtp-Source: AA0mqf6oBxU+Ud09LtIGAPRWFDu2eo2xs1Jr+ZsLz3Q0Ysw2TO3HwU3Np0VO6lS+Vsnx9n7ND8Cd3ZByaW06pj4db2U= X-Received: by 2002:a05:6870:9a8c:b0:144:910f:43ea with SMTP id hp12-20020a0568709a8c00b00144910f43eamr10081358oab.140.1670666764116; Sat, 10 Dec 2022 02:06:04 -0800 (PST) MIME-Version: 1.0 References: <35fb3b18-79d0-4d8b-02cd-9eab0a4ecacb@bastelstu.be> In-Reply-To: <35fb3b18-79d0-4d8b-02cd-9eab0a4ecacb@bastelstu.be> Date: Sat, 10 Dec 2022 11:05:53 +0100 Message-ID: Cc: PHP Developers Mailing List Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] [RFC] More Appropriate Date/Time Exceptions From: landers.robert@gmail.com (Robert Landers) On Fri, Dec 9, 2022 at 5:31 PM Tim D=C3=BCsterhus wrote: > > Hi > > On 12/9/22 17:17, Dan Ackroyd wrote: > >> If your data fails to > >> unserialize, the only safe option is to throw it away. > > > > Even given that, you probably want to investigate how it got corrupted > > so that you can stop it from happening again. And doing that would > > rely on being able to see the data that you attempted to unserialize. > > That's fair, but does not require dedicated subclasses. Investigating > corrupted serialization data is not something that can be done > programmatically, instead an actual human has to look at the error > message and possibly stack trace within the error log / within Sentry / > whatever floats your boat. > > I'm not against improving the error messages to more clearly indicate > what part of the serialized data is broken, I'm against ext-specific or > library-specific exception classes for unserialization failures, because > that will lead to assumptions being made that will not hold in the > general case. > > Best regards > Tim D=C3=BCsterhus > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > I feel like the RFC could use a bit more clarity around what "unserialize" means. Are we talking about the literal "unserialize()" function, or are we also talking about unserializing a string into a DateTimeInterface object? I took it to mean the latter, and if the latter, then I think putting the original data in the error object is quite important. It's important for generating user-submitted errors, reading data from a database/cache, or other messages. However, I generally feel that the program will always have access to the raw data, after all, it is unserializing it. If the application/framework/whatever wants to log it, it should be able to do that without PHP's help. -- Rob