Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:125456
X-Original-To: internals@lists.php.net
Delivered-To: internals@lists.php.net
Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5])
	by qa.php.net (Postfix) with ESMTPS id 194161A00BD
	for <internals@lists.php.net>; Fri,  6 Sep 2024 18:45:02 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail;
	t=1725648420; bh=5PDHyiW4CPs634dtHJ9bYQC869c3nYn2qpsmzmBRBAg=;
	h=Date:From:To:Cc:In-Reply-To:References:Subject:From;
	b=E8hLagALxkQA6r1LZwnTWBrxhuG7jQeBM7moMn80ZjKww7gzwRKSXO0zYIcntnyEO
	 Kp1K10L+tgKIh7q1lVLHtl0W8ag3pdXMZDfP9OlqmpLLOfLlHG5IUTLlMvKha+3A5G
	 t3Hu5rg0VtyCqyyk4k8vR3s//ejliQQjbzAimIaddaQkudEht208VnnQzJw/W0jsHn
	 lZK4onbFA7X1mwtElQB+opSCM21MoCljP/1LV9IjkfdC7/U/BMBsGmMNNCMNWa5rdF
	 zXnvWZGdlRdJlaIs6JNC7kYExQUURk/M9XGPoZUXoazcHRXQ77DugttAA5nBaAmKPj
	 MNr9NN63eBisg==
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 8A2AE180795
	for <internals@lists.php.net>; Fri,  6 Sep 2024 18:46:58 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_MISSING,HTML_MESSAGE,
	RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS autolearn=no
	autolearn_force=no version=4.0.0
X-Spam-Virus: No
X-Envelope-From: <rob@bottled.codes>
Received: from fout6-smtp.messagingengine.com (fout6-smtp.messagingengine.com [103.168.172.149])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Fri,  6 Sep 2024 18:46:56 +0000 (UTC)
Received: from phl-compute-01.internal (phl-compute-01.phl.internal [10.202.2.41])
	by mailfout.phl.internal (Postfix) with ESMTP id 6B8571380205;
	Fri,  6 Sep 2024 14:44:57 -0400 (EDT)
Received: from phl-imap-09 ([10.202.2.99])
  by phl-compute-01.internal (MEProxy); Fri, 06 Sep 2024 14:44:57 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bottled.codes;
	 h=cc:cc:content-type:content-type:date:date:from:from
	:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:subject:subject:to:to; s=fm2; t=1725648297; x=
	1725734697; bh=10veA16XPu1IO0kTnNr7b3ExownIlKqG0LKuaAdylwQ=; b=n
	AFZR7ECjfWrNgqbJOO40agtg3K0gxX30H3RIZfsrJ0Qn9HPhyVF0+kjR72d7y3UP
	e3sNLEWzgSLfviKxwbtad0bbrlwAuEZ7VSMh8/irVkeQo6vZiHpt8jr9Z4dgjZdX
	ORvdzKgB9UXn/xo7/2he2QCipaBg1tJKuUY58epmWPS+TOCmVcc1oD+SRdKYX6S4
	mXYb6FLwwnLU1zsYzDZpW0eQUXAVPmPD2o0+acQR1kfwFRuulfm+wvQPsD4Sf0Tg
	tRl8TSYNGAscDAX3p0No8EIJJlOTL023ZxAaJnZOx6Lq26Zfk2KSdkHyh/+Xy6io
	yoBuJWJwIDXQo3Zi1/QqA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:subject:subject:to
	:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
	fm1; t=1725648297; x=1725734697; bh=10veA16XPu1IO0kTnNr7b3ExownI
	lKqG0LKuaAdylwQ=; b=KlYXpJM9cQvkZ+XPLWsjoZIG+9jUeEwQlPOebxrwKrM4
	FDpQPHXND/ECU7MC7WWRmnrw7z3kaLbgJvGDVal/KppSbL21K8sO4+ToBnDwXSSH
	sxAIvZXNCgCZ7dFSmogUvIhZ+71VcytSAYaZ6MLJl/f6ZKlBlEPVvew5uBkDNM0x
	h34Pyp+BtUJPPI/bIpUGcEt0rMCBi9vorQLcno1vkkCcP8u1DARrJhhd98FPhwMM
	0xIXcRo/hkH4kYbIJgh7pnL8BoClGNyUQek+ATymNO7hTcX7U14IjOj1wWHeSZJF
	Oe2Uw+Bk1otzw/EQ1OrPYjOAhVPKMWmqPzFfEdz7Og==
X-ME-Sender: <xms:qU3bZpkQwmMz-oQHmV6WIORXpzwSpjErX4Jt7ss_JTYgxJzv6Unp0Q>
    <xme:qU3bZk2jjBfNa9R9gxqWL7pzxiCQKC2JApatLYkT5xeDY7cd9O3pzmq6l0v9u1FPm
    lEUkM6os9KeumGgGeQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudeiuddgudefudcutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp
    uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivg
    hnthhsucdlqddutddtmdenucfjughrpefoggffhffvvefkjghfufgtsegrtderreertdej
    necuhfhrohhmpedftfhosgcunfgrnhguvghrshdfuceorhhosgessghothhtlhgvugdrtg
    houggvsheqnecuggftrfgrthhtvghrnhepffegveevgedtfffgffdvffdtvdehueelgeev
    keetffeuleeitdegkeejtedtteeknecuffhomhgrihhnpehphhhprdhnvghtnecuvehluh
    hsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprhhosgessghothht
    lhgvugdrtghouggvshdpnhgspghrtghpthhtohepgedpmhhouggvpehsmhhtphhouhhtpd
    hrtghpthhtohepjhhohhhnsegtohhgghgvshhhrghllhdrohhrghdprhgtphhtthhopegt
    lhgruhguvgdrphgrtghhvgesghhmrghilhdrtghomhdprhgtphhtthhopehinhhtvghrnh
    grlhhssehlihhsthhsrdhphhhprdhnvghtpdhrtghpthhtohepphhhohhfshhtvghtthgv
    rhesshgvnhhsrghtihhonhgrlhdrtghh
X-ME-Proxy: <xmx:qU3bZvoN9alIqLVKFjFIpMdPT_g0oFkug6GvBAeH-bDhadPlvYHP-Q>
    <xmx:qU3bZpn7QHt3QSez8J40ClRNFOPZAkI4GT2L1wvVw-4Fq3xggj9-xA>
    <xmx:qU3bZn1aBrgbM_w2wpyweLz89-Cr20VG5bx11leSw-5nLqhdezezLA>
    <xmx:qU3bZotxI2KnLLXG8RsCeutFbr3SiURSoAHZu4VrobMv7Z9GKESsuA>
    <xmx:qU3bZoxd1k0AL7AbVt6izF15o3E9clOPLbG5nuIBkJ6fkntNjFCpAOM7>
Feedback-ID: ifab94697:Fastmail
Received: by mailuser.phl.internal (Postfix, from userid 501)
	id E1915780067; Fri,  6 Sep 2024 14:44:56 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
Precedence: bulk
list-help: <mailto:internals+help@lists.php.net
list-unsubscribe: <mailto:internals+unsubscribe@lists.php.net>
list-post: <mailto:internals@lists.php.net>
List-Id: internals.lists.php.net
x-ms-reactions: disallow
MIME-Version: 1.0
Date: Fri, 06 Sep 2024 20:44:36 +0200
To: "Claude Pache" <claude.pache@gmail.com>,
 "John Coggeshall" <john@coggeshall.org>
Cc: "Philip Hofstetter" <phofstetter@sensational.ch>,
 "PHP internals" <internals@lists.php.net>
Message-ID: <bb5f915e-71ab-4582-9424-17cc9fe0e6fa@app.fastmail.com>
In-Reply-To: <B3E431AC-074E-42B0-B770-139456579861@gmail.com>
References: 
 <CAGKNXQG32aF58gPnf1ywbmde72F_Wwjib0oXhN_ve6336RnQXg@mail.gmail.com>
 <98553A91-FD3F-4E1B-91D9-D8B00CAD5FC5@getmailspring.com>
 <B3E431AC-074E-42B0-B770-139456579861@gmail.com>
Subject: Re: [PHP-DEV] RFC: Deprecate json_encode() on classes marked as
 non-serializable
Content-Type: multipart/alternative;
 boundary=6e1d5dc5e07f4468b8bdc2c91e31f18d
From: rob@bottled.codes ("Rob Landers")

--6e1d5dc5e07f4468b8bdc2c91e31f18d
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On Fri, Sep 6, 2024, at 20:07, Claude Pache wrote:
>=20
>=20
>> Le 5 sept. 2024 =C3=A0 18:03, John Coggeshall <john@coggeshall.org> a=
 =C3=A9crit :
>>=20
>>=20
>>> As per my previous email to the list, I have now created the officia=
l RFC to deprecate calling json_serialize() on instances of classes mark=
ed with ZEND_ACC_NOT_SERIALIZABLE.
>>=20
>> I would suggest we take a step back from this and look at it with a b=
it more of a wider lens. It seems to me that this would be a good place =
to have an attribute (e.g. `#[NotSerializable]` )  that could be defined=
 for any class (with `ZEND_ACC_NOT_SERIALIZABLE`  being automatically gi=
ven this attribute)? It just seems to be a more holistic approach that m=
akes sense, rather than basing it on internal engine stuff and/or limiti=
ng it to internal objects.
>>=20
>> Coogle
>>=20
> Hi,
>=20
> An attribute adds very little value. It doesn=E2=80=99t add new capabi=
lity, because you can achieve the same effect with a serialiser that thr=
ows unconditionally; it is just a nicer syntax. People generally don=E2=80=
=99t bother making their classes unserialisable unless they have a good =
reason; having an attribute won=E2=80=99t really change that.

You also need to ensure that you make it final, as someone could extend =
your class and make your borked serializer work.

> The core problem is that objects are json-serialisable by default, alt=
hough most of them are not supposed to be json-serialised. Taking a seco=
nd step back, if we really want to solve the issue, one should:
>=20
> * for internal classes, determine which ones could be json-serialisabl=
e (at least, stdClass); for all other classes, `json_encode(...)` shall =
be disabled (after a deprecation period);
> * for user-defined classes, the user shall opt into json-serialisabili=
ty, either by extending a json-serialisable class, or by using an {attri=
bute / magic method / interface} (chose your bikeshed colour).
>=20
> =E2=80=94Claude

I also agree with this to a point: there is the https://www.php.net/manu=
al/en/class.jsonserializable.php interface, after all.

=E2=80=94 Rob
--6e1d5dc5e07f4468b8bdc2c91e31f18d
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html><html><head><title></title><style type=3D"text/css">p.Mso=
Normal,p.MsoNoSpacing{margin:0}</style></head><body><div>On Fri, Sep 6, =
2024, at 20:07, Claude Pache wrote:<br></div><blockquote type=3D"cite" i=
d=3D"qt" style=3D"overflow-wrap:break-word;"><div><br></div><div><div><b=
r></div><blockquote type=3D"cite"><div>Le 5 sept. 2024 =C3=A0 18:03, Joh=
n Coggeshall &lt;john@coggeshall.org&gt; a =C3=A9crit :<br></div><div><b=
r></div><div><div><br></div><blockquote><div><div><div class=3D"qt-gmail=
_signature"><div>As per my previous email to the list, I have now create=
d the official RFC to deprecate calling json_serialize() on instances of=
 classes marked with ZEND_ACC_NOT_SERIALIZABLE.<br></div></div></div></d=
iv></blockquote><div><div><div class=3D"qt-gmail_signature"><div><br></d=
iv><div>I would suggest we take a step back from this and look at it wit=
h a bit more of a wider lens. It seems to me that this would be a good p=
lace to have an attribute (e.g. <code>#[NotSerializable]</code>&nbsp;)&n=
bsp; that could be defined for any class (with <code>ZEND_ACC_NOT_SERIAL=
IZABLE</code>&nbsp; being automatically given this attribute)? It just s=
eems to be a more holistic approach that makes sense, rather than basing=
 it on internal engine stuff and/or limiting it to internal objects.<br>=
</div><div><br></div><div>Coogle<br></div><div><br></div></div></div></d=
iv></div></blockquote></div><div>Hi,<br></div><div><br></div><div>An att=
ribute adds very little value. It doesn=E2=80=99t add new capability, be=
cause you can achieve the same effect with a serialiser that throws unco=
nditionally; it is just a nicer syntax. People generally don=E2=80=99t b=
other making their classes unserialisable unless they have a good reason=
; having an attribute won=E2=80=99t really change that.<br></div></block=
quote><div><br></div><div>You also need to ensure that you make it final=
, as someone could extend your class and make your borked serializer wor=
k.<br></div><div><br></div><blockquote type=3D"cite" id=3D"qt" style=3D"=
overflow-wrap:break-word;"><div>The core problem is that objects are jso=
n-serialisable by default, although most of them are not supposed to be =
json-serialised. Taking a second step back, if we really want to solve t=
he issue, one should:<br></div><div><br></div><div>* for internal classe=
s, determine which ones could be json-serialisable (at least, stdClass);=
 for all other classes, `json_encode(...)` shall be disabled (after a de=
precation period);<br></div><div>* for user-defined classes, the user sh=
all opt into json-serialisability, either by extending a json-serialisab=
le class, or by using an {attribute / magic method / interface} (chose y=
our bikeshed colour).<br></div><div><br></div><div>=E2=80=94Claude<br></=
div></blockquote><div><br></div><div>I also agree with this to a point: =
there is the&nbsp;<a href=3D"https://www.php.net/manual/en/class.jsonser=
ializable.php">https://www.php.net/manual/en/class.jsonserializable.php<=
/a>&nbsp;interface, after all.<br></div><div><br></div><div id=3D"sig121=
229152">=E2=80=94 Rob<br></div></body></html>
--6e1d5dc5e07f4468b8bdc2c91e31f18d--