Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:75637
Return-Path: <laruence@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 14627 invoked from network); 17 Jul 2014 05:56:58 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 17 Jul 2014 05:56:58 -0000
Authentication-Results: pb1.pair.com smtp.mail=laruence@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=laruence@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.43 as permitted sender)
X-PHP-List-Original-Sender: laruence@gmail.com
X-Host-Fingerprint: 209.85.215.43 mail-la0-f43.google.com  
Received: from [209.85.215.43] ([209.85.215.43:49665] helo=mail-la0-f43.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 97/D0-09067-8A567C35 for <internals@lists.php.net>; Thu, 17 Jul 2014 01:56:57 -0400
Received: by mail-la0-f43.google.com with SMTP id hr17so1354828lab.16
        for <internals@lists.php.net>; Wed, 16 Jul 2014 22:56:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-type:content-transfer-encoding;
        bh=S5goyvJkMMSbU5dQYtq/9iM0hzPtMG2usROC3qTZEOA=;
        b=HxosUPxI6ySX6eii23p7RtltnjjR9Kl+FgaqoKw1SGmTNBmNPt3FJZ0/oWqjeUyhvZ
         QUr1Zkn5DhD8Th+n7FrfybnAfuyKjGKSN9EjaplQq7fczb0I+GqwNX4BTORt1cNT8sh8
         D/qkZA2unZdLQrrHh510i81FjRxQMnDe/zYK2zTyPL53KI7Mpn7OOwIv9/1ssdmdbswM
         dkGMNUKEGfIHrRNF4JPz7wiSsrDf7hw24ONcf+5q921mo9l8AVu4DrhpDBwx0hfhqSaY
         G9PjrMAce3SCNsIt/gpEeoEAdFjI1IEp8o2fCbDF7kl9GkwzYZsjXhtlRUhtRPDTnMRA
         kRig==
X-Received: by 10.112.54.197 with SMTP id l5mr599202lbp.103.1405576613521;
 Wed, 16 Jul 2014 22:56:53 -0700 (PDT)
MIME-Version: 1.0
Sender: laruence@gmail.com
Received: by 10.114.187.207 with HTTP; Wed, 16 Jul 2014 22:56:33 -0700 (PDT)
In-Reply-To: <53C75A89.5000401@fedoraproject.org>
References: <CABBJUpf4Zrj+MiqGoUPp6NWBBpJzntu0NAyveZyrqx0oNQYpBA@mail.gmail.com>
 <53C75A89.5000401@fedoraproject.org>
Date: Thu, 17 Jul 2014 13:56:33 +0800
X-Google-Sender-Auth: fcjChqb7U88604-wXjxTZlwAhDI
Message-ID: <CABBJUpfeDv1juoL=1bkaiY3M9cgLd8f6NMagSqccoQVC+vekCw@mail.gmail.com>
To: Remi Collet <remi@fedoraproject.org>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] An BC issue in unserialize
From: laruence@php.net (Laruence)

On Thu, Jul 17, 2014 at 1:09 PM, Remi Collet <remi@fedoraproject.org> wrote=
:
> Le 17/07/2014 06:01, Laruence a =C3=A9crit :
>
>>             $this->_prototype =3D unserialize(sprintf('O:%d:"%s":0:{}',
>> strlen($this->name), $this->name));
>
>>    I am not sure now.  should this usage be supported?
>
> In think unserialize is an horrible hack which should have never be used.
>
> This is described in UPGRADINGS
>
> First, try to fix the code, using  newInstanceWithoutConstructor() when
> available (5.4+) and possible (userland classes)
>
Hey:
    serialize maybe a sensitive area, in my opinion we should very
careful about the BC issue in such area..

    if a user want to migrate it's codes from 5.5 to 5.6,  but he has
multi servers, he might want to migrate them one by one.

    in such case,  the serialized data could be shared by 5.5 and 5.6...

    so...

thanks
> Remi.
>
>
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>



--=20
Laruence  Xinchen Hui
http://www.laruence.com/