Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:119746
Return-Path: <michal.brzuchalski@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 97014 invoked from network); 27 Mar 2023 18:21:11 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 27 Mar 2023 18:21:11 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 56BD31804F7
	for <internals@lists.php.net>; Mon, 27 Mar 2023 11:21:10 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <michal.brzuchalski@gmail.com>
Received: from mail-yw1-f181.google.com (mail-yw1-f181.google.com [209.85.128.181])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 27 Mar 2023 11:21:09 -0700 (PDT)
Received: by mail-yw1-f181.google.com with SMTP id 00721157ae682-5456249756bso186368707b3.5
        for <internals@lists.php.net>; Mon, 27 Mar 2023 11:21:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112; t=1679941269;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=TVXX1ttZCWAcs4Nh/mJq0oyu5neDC8i6q+ey0Fkua4w=;
        b=oHU4dVVC9tOY9iJebXa68ERoGQ4Stw9Njfg2X+7+EfWPg7SjmTN6E1cAutziA5eW1B
         wPoVgKpa68VcQKDBKIg+x0Wxgae0NAC4w+alVMfJumavHaIE42hghBgWpaTzzPkdx39p
         ybgm6KqNymzsAR/XZcTc+ZMCHM3oLepXYM4zoobTVQ6+m/451QRWtfwEYbMd/8fAX01O
         EQ//J6UiUC4sbJoPqc6JNrv4sh8inXNAvgUCboUhv8yhgpsfRVix+DEGYSmUEqPw43B7
         6tgseqztmQ4G7KTDqav2VnLpexjJsWUMYdDZl3bre3xCAnENMpPmIBcC43Jug9ZHpWwe
         xT0Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112; t=1679941269;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=TVXX1ttZCWAcs4Nh/mJq0oyu5neDC8i6q+ey0Fkua4w=;
        b=cB+scJAB1xIIl5svZelqdGIwjTR6pH4Q4b36U4/6iyMvUO0JwrPBVXSR0D1XtBug3V
         UykKrDPcmQG/HwKXXxqdCKhzVW94c3nwSBVUeAxQWSwHRmqlUFQvkWS00q8WwXSHiABw
         D85c0WhTkyoKCz9t+/bqTc2H9UM8bXo7FDPJpQ5rE/ldvrA6McOyxVIU6EanUnWtXzMy
         c/8h+WCaUD5g1Q6UQaPCJaNmJYyWRTV77+4Q2N9sRCEKX86DQ+Ufkj23ZGmmzdPgic64
         cCDZf/tkJ/APUdBBUXv+Ke+rDj4NBZ/DHnxjoIzXoeju9et/IETJOufov7wmNDDAAEMU
         ScCg==
X-Gm-Message-State: AAQBX9ey5RKGgfPNNdU44ihe3/1Z1rUYojKRcaW9t38SBRsiqXelCP/D
	a9kcq5ZKVgwyLgXnqbnR3EZXUGyiaHIPF9Wekcc=
X-Google-Smtp-Source: AKy350bE0rVyj2ATSxBWc7PKAZ7WM/JCpt+r1UXCP5nKRLdmVxl/xaXq4a/OVG9uxkNnBNg+Sgk0AlskHwrzT69FU00=
X-Received: by 2002:a81:ae21:0:b0:543:bbdb:8c2b with SMTP id
 m33-20020a81ae21000000b00543bbdb8c2bmr5977211ywh.10.1679941269144; Mon, 27
 Mar 2023 11:21:09 -0700 (PDT)
MIME-Version: 1.0
References: <f37f233b-6645-d618-0868-78cbadb649a2@bastelstu.be>
In-Reply-To: <f37f233b-6645-d618-0868-78cbadb649a2@bastelstu.be>
Date: Mon, 27 Mar 2023 20:20:58 +0200
Message-ID: <CABdc3WovbsYH2BTsTbeD71bSfM44C1nocXtoxQpPo=E2Fq4iLQ@mail.gmail.com>
To: =?UTF-8?Q?Tim_D=C3=BCsterhus?= <tim@bastelstu.be>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="0000000000009749dd05f7e5ce16"
Subject: Re: [PHP-DEV] RFC [Discussion]: Make unserialize() emit a warning for
 trailing bytes
From: michal.brzuchalski@gmail.com (=?UTF-8?Q?Micha=C5=82_Marcin_Brzuchalski?=)

--0000000000009749dd05f7e5ce16
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Tim,

thanks for the RFC

pon., 27 mar 2023 o 19:04 Tim D=C3=BCsterhus <tim@bastelstu.be> napisa=C5=
=82(a):

> Hi
>
> I'm now opening discussion for the RFC "Make unserialize() emit a
> warning for trailing bytes":
>
> ----
>
> RFC: Make unserialize() emit a warning for trailing bytes
> https://wiki.php.net/rfc/unserialize_warn_on_trailing_data
>
> Proof of concept implementation is in:
>
> https://github.com/php/php-src/pull/9630
>
> ----
>
> Best regards
> Tim D=C3=BCsterhus
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: https://www.php.net/unsub.php
>
>
 Personally, I'd like the unserialize to throw an exception if trailing
bytes are detected.
If not by default then with the use of the option passed to unserialize
function.

Cheers,
Micha=C5=82 Marcin Brzuchalski

--0000000000009749dd05f7e5ce16--