Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:26830
Return-Path: <sesser@hardened-php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 97637 invoked by uid 1010); 7 Dec 2006 11:36:15 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 97622 invoked from network); 7 Dec 2006 11:36:15 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Dec 2006 11:36:15 -0000
Authentication-Results: pb1.pair.com smtp.mail=sesser@hardened-php.net; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=sesser@hardened-php.net; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain hardened-php.net from 81.169.146.188 cause and error)
X-PHP-List-Original-Sender: sesser@hardened-php.net
X-Host-Fingerprint: 81.169.146.188 mo-p07-ob.rzone.de Solaris 10 (beta)
Received: from [81.169.146.188] ([81.169.146.188:30953] helo=mo-p07-ob.rzone.de)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 1E/D2-13900-B8CF7754 for <internals@lists.php.net>; Thu, 07 Dec 2006 06:36:14 -0500
Received: from [192.168.1.77]	(p5B0069DB.dip.t-dialin.net [91.0.105.219])
	by post.webmailer.de (mrclete mo25) (RZmta 3.8)	with ESMTP	id iB7AcdIL00e89D;
	Thu, 7 Dec 2006 12:35:28 +0100 (MET)
Date: Thu, 7 Dec 2006 12:35:28 +0100 (MET)
Message-ID: <4577FC87.7090109@hardened-php.net>
User-Agent: Thunderbird 1.5.0.8 (Windows/20061025)
MIME-Version: 1.0
To: Andrei Zmievski <andrei@gravitonic.com>
CC: Ilia Alshanetsky <ilia@prohost.org>,  php-dev Internals
 <internals@lists.php.net>
References: <0c60b01d19ec7e242ade31e29120ee27@gravitonic.com>
 <B35ECEC9-4521-4E45-B25F-4C24DA6F761F@prohost.org>
 <e6467502c33de220da853a7b2e89bf78@gravitonic.com>
In-Reply-To: <e6467502c33de220da853a7b2e89bf78@gravitonic.com>
X-Enigmail-Version: 0.94.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] PHP 5.2: Serialization patch
From: sesser@hardened-php.net (Stefan Esser)

Guys,

why can't you simply introduce a new variable type for serialized
strings like uppercase S:
There is absolutely no need for breaking backward compatibility. If you
want to introduce
NEW features then introduce them and do not abuse old ones.

Stefan


Andrei Zmievski schrieb:
> I don't see a way we can make it work for all the cases. I guess we'll
> have to leave this task to PHP_Compat.
>
> -Andrei
>
> On Dec 1, 2006, at 3:03 PM, Ilia Alshanetsky wrote:
>
>> As it stands the current code breaks BC on decoding when the
>> serialized string contains \ characters.
>>
>> For example:
>>
>> Input                    PHP 5.2                PHP 5.2 w/patch
>> -------------------------------------------------------------------------------------------
>>
>> s:7:"foo\10b";                foo\10b                 error (NULL
>> returned)
>> s:7:"foo\bar";                foo\bar                error (NULL
>> returned)
>> s:5:"\\\\\";                    \\\\\                    error (NULL
>> returned)
>>
>> Basically any operation involving strings with \ in them, stop
>> working once the patch is applied.
>>
>> There is also the performance drawback to consider, which based on a
>> rudimentary test involving $_SERVER serialization, shows that the new
>> code is roughly 1/2 slower.
>>
>> 5.2: 0.388
>> 5.2 w/patch: 0.652
>>
>> Ilia
>
> --PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>