Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:54725
Return-Path: <tyra3l@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 67555 invoked from network); 19 Aug 2011 12:40:49 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 19 Aug 2011 12:40:49 -0000
Authentication-Results: pb1.pair.com smtp.mail=tyra3l@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=tyra3l@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.83.42 as permitted sender)
X-PHP-List-Original-Sender: tyra3l@gmail.com
X-Host-Fingerprint: 74.125.83.42 mail-gw0-f42.google.com  
Received: from [74.125.83.42] ([74.125.83.42:55307] helo=mail-gw0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 0B/2B-11562-FC95E4E4 for <internals@lists.php.net>; Fri, 19 Aug 2011 08:40:48 -0400
Received: by gwb17 with SMTP id 17so1910822gwb.29
        for <internals@lists.php.net>; Fri, 19 Aug 2011 05:40:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type:content-transfer-encoding;
        bh=TB+sxR9YRqgkaa3z0C2SUF5MFJZQd2+eyNRBfO2dL5I=;
        b=fPZNbIKm/ouINZUsV3n44MQAk83bd7rUbnVOS+Z77fqwtEnPUDRBupRPJZU3cfqThE
         9aHKqOPqA3JkRzv0epK2ijaxFydYYFy3l83PFSZ3/NCdTH1SQE+KCz5Rj72OeA8o4dAy
         9aD3Of/5X2A9VxplIq11695gATnOLdL3f/Yw4=
MIME-Version: 1.0
Received: by 10.150.253.9 with SMTP id a9mr2215218ybi.230.1313757644939; Fri,
 19 Aug 2011 05:40:44 -0700 (PDT)
Received: by 10.146.83.5 with HTTP; Fri, 19 Aug 2011 05:40:44 -0700 (PDT)
In-Reply-To: <CA+p1TcZ-_X7x7VdkhjeY86vC67PNmoZ93BcwuJ2uKdWJzhvFLQ@mail.gmail.com>
References: <CAKxcST-n_aC1NJ8pLg5natwRRcxEHV_t-fiEhYX4mc=G7WPFaA@mail.gmail.com>
	<4E4E48F6.8010107@php.net>
	<CAEZPtU5uRFO+mhQTJDZm32_Y7k6p9HzZmn1YiRmW4iZQrmht9A@mail.gmail.com>
	<CAKxcST9AYTb+SJJydb0u5RK+XgP7og8KqH+1u-7trDrSJBPOKA@mail.gmail.com>
	<CAH-PCH56zYkJH8BaGHdKTUmBm6V+k_yxKfAVp9XuES_B5ps5CQ@mail.gmail.com>
	<CA+p1TcZ-_X7x7VdkhjeY86vC67PNmoZ93BcwuJ2uKdWJzhvFLQ@mail.gmail.com>
Date: Fri, 19 Aug 2011 14:40:44 +0200
Message-ID: <CAH-PCH7xRmE2Uc2smRtBiRyyxzvhBWux7E8naAV_0+y-9dv6Qg@mail.gmail.com>
To: Arpad Ray <arraypad@gmail.com>
Cc: Paul Dragoonis <dragoonis@gmail.com>, Pierre Joye <pierre.php@gmail.com>, 
	Sebastian Bergmann <sebastian@php.net>, internals@lists.php.net
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] Activation of IGBinary serialization extension in 5.4
 by default
From: tyra3l@gmail.com (Ferenc Kovacs)

On Fri, Aug 19, 2011 at 2:31 PM, Arpad Ray <arraypad@gmail.com> wrote:
> On Fri, Aug 19, 2011 at 1:04 PM, Ferenc Kovacs <tyra3l@gmail.com> wrote:
>> this could still cause problems, as pointed out before (when you
>> change your handler, or when you pass serialized data between
>> different php installs, etc.), so I really like what Kiall Mac Innes
>> suggested: prefix the data with the serializer identifier.
>> if it is missing, =C2=A0then it was serialized with the old method, if i=
t
>> is present, the appropriate method should be used, if the serializer
>> ident is there but unknown, then exit with a fatal error telling the
>> user that the custom handler is missing.
>
> This came up when we discussing changing the default session
> serialization format a while ago. A prefix is a nice idea but care
> would have to be taken not to collide with any of the bytes which are
> valid for the current format to start with.
>
> Might be more of a curiosity than anything useful, but IIRC
> unserialize() currently ignores everything after the end of the data.
>
>> the downside would be that if you want to serialize/unserialize the
>> data outside of php, your implementation should take care of this
>> prefix.
>> just a wild idea, but maybe useful:
>> instead of creating a prefix, we could serialize the passed data with
>> the given(php, igbinary, etc.) handler, then wrap the whole stuff into
>> an array which holds the name of the used handler and the serialized
>> data, and serialize this array with the old(php) serialize method.
>> this way the datablob would be always a valid serialized string, and
>> would be easier to get the serialize method than with the prefixing.
>
> If my old app couldn't read some newly serialized string, I'd rather
> it failed hard than apparently succeed but have the wrong data.
>

http://php.net/unserialize
In case the passed string is not unserializeable, FALSE is returned
and E_NOTICE is issued.
so if you unserialize from php, my suggestion would fail harder.
when you unserialize it from another mean (parsing it on your own, or
from a different language), you are right, it would produce a valid
but different result what you would expect, but this could be
documented, and I don't think that that many users do this, and maybe
they are using json/bson/igbinary already.

--=20
Ferenc Kov=C3=A1cs
@Tyr43l - http://tyrael.hu