Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:74984
Return-Path: <julienpauli@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 93052 invoked from network); 19 Jun 2014 09:02:21 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 19 Jun 2014 09:02:21 -0000
Authentication-Results: pb1.pair.com smtp.mail=julienpauli@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=julienpauli@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.128.174 as permitted sender)
X-PHP-List-Original-Sender: julienpauli@gmail.com
X-Host-Fingerprint: 209.85.128.174 mail-ve0-f174.google.com  
Received: from [209.85.128.174] ([209.85.128.174:34403] helo=mail-ve0-f174.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id EC/94-60202-C17A2A35 for <internals@lists.php.net>; Thu, 19 Jun 2014 05:02:21 -0400
Received: by mail-ve0-f174.google.com with SMTP id jx11so2009225veb.19
        for <internals@lists.php.net>; Thu, 19 Jun 2014 02:02:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-type;
        bh=J4GKK2wsmccQp87GEZhb4qQKo/sC3FjSFx9vnYTAY6M=;
        b=g+Wi8Se6Mh5wGY4PbSKuhCKEgWal7eWep6zkOQonvLQveVQiZENkqppnGR5apnKt5I
         Gsy0Dlab9Ae065mmReAfQw2sgyPs59Du8LR6UPZ4/JI0fBM7e87UDkLpy6+mbWaUinES
         9qY77ILvhZIXH3K1CTon9Smjx5t8GuIAV9rVG+8gNIwdVc6gu5MU+eCFHpleHxJ6J0Pl
         90Yb4fYwCmmDnOHQ2THYxtE3exOxhFWmu4zs/fGoInFcA/jmPDmCKJQiPJJ7zHT4tN/a
         iMyRdcup4iBrfArmVAdMoUOAkKEj9O7Koc2vCjrdxu0qhKZWvehQacFqMzRHW4CJTVy7
         P4tg==
X-Received: by 10.221.42.135 with SMTP id ty7mr3022553vcb.14.1403168538253;
 Thu, 19 Jun 2014 02:02:18 -0700 (PDT)
MIME-Version: 1.0
Sender: julienpauli@gmail.com
Received: by 10.220.81.68 with HTTP; Thu, 19 Jun 2014 02:01:38 -0700 (PDT)
In-Reply-To: <53A21137.6010705@sugarcrm.com>
References: <CAH-PCH6xEXspisLOHtiTbViA4vDTk7q6LM3t_Bh9Dzr1cj_Nag@mail.gmail.com>
 <53A1C722.9060501@fedoraproject.org> <53A21137.6010705@sugarcrm.com>
Date: Thu, 19 Jun 2014 11:01:38 +0200
X-Google-Sender-Auth: Cto43jZ-THg76KzAhGpMU908VWo
Message-ID: <CAMUwpuT_S2EE6cdJM95RzY4vmORGx3vJ9+gau8G3EZCMsNSydA@mail.gmail.com>
To: Stas Malyshev <smalyshev@sugarcrm.com>
Cc: Remi Collet <remi@fedoraproject.org>, PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] Re: Problems with the fix for the BC break introduced
 in 5.4.29 and 5.5.13
From: jpauli@php.net (Julien Pauli)

On Thu, Jun 19, 2014 at 12:22 AM, Stas Malyshev <smalyshev@sugarcrm.com> wrote:
> Hi!
>
>> My proposal, for a quick solution, trying to be pragmatic and
>> trying to make the most of php users happy.
>
> Is the solution of banning only the internal classes with create_object
> and their descendants unsatisfactory?

For me, it's a safe solution, however, it breaks BC, I think it's a
no-go for 5.4 and 5.5.
This however could be a 5.6+ solution.

For 5.4 and 5.5, there doesn't seem to be easy fix on the go.
I suggest following what Remi suggests :

- Revert the BC break in 5.5 and 5.4
- Keep the segfault, we've been living with it for ages
- Patch the manual to clearly show one should never try to unserialize
hand-made strings : we just do not support such behavior (thus, it
could lead to segfaults)
- What if tomorrow we replace our serializer by igbinary or so ? Users
should not be aware of internal details, serialized string is
definetly one

Julien