Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:75833 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 59055 invoked from network); 22 Jul 2014 10:27:42 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 Jul 2014 10:27:42 -0000 Authentication-Results: pb1.pair.com smtp.mail=tyra3l@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=tyra3l@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.45 as permitted sender) X-PHP-List-Original-Sender: tyra3l@gmail.com X-Host-Fingerprint: 209.85.216.45 mail-qa0-f45.google.com Received: from [209.85.216.45] ([209.85.216.45:40742] helo=mail-qa0-f45.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 0A/7C-14611-D9C3EC35 for ; Tue, 22 Jul 2014 06:27:41 -0400 Received: by mail-qa0-f45.google.com with SMTP id cm18so6192124qab.18 for ; Tue, 22 Jul 2014 03:27:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=XMXiLxH0ipAqS+PZAfyJDfWyTXKaIZ6M/savMplX3pw=; b=G+h17MpwCDkEuzP1TqyiprT9QMgyp9G/5sydgnrRPAh9RhP0HKhj2L1n2QUT3jHH1O N28cXXEJx4UPyD8AEtBoaSyGeCwhzlrhjMLxm71BVOZjtLicGPW3me1hNCta6PjB5Fer +tS+WyB+dgY/9Y9ZrHO63T22Y5/Z3J++P44kMKSsKWvaHNB12QnEV/1qNTdyX5Od034X v2Ivuvs6TbPcCYyTB8xtJBy6+NJsjfTE4k7vVXOJI0ySAehN1fvsB857tyDOMfcxfhTa e+7U/wUx8sPZPhEzZXUss2d4G+RpXwpqvOHYEE4YDTKJRtFUr9DoftwwBRkzj591RVhZ LvuA== MIME-Version: 1.0 X-Received: by 10.140.92.13 with SMTP id a13mr15548753qge.88.1406024858830; Tue, 22 Jul 2014 03:27:38 -0700 (PDT) Received: by 10.140.102.111 with HTTP; Tue, 22 Jul 2014 03:27:38 -0700 (PDT) In-Reply-To: References: <53A1C722.9060501@fedoraproject.org> <53A21137.6010705@sugarcrm.com> <53A2A9BD.1070603@sugarcrm.com> <53A3874E.20704@sugarcrm.com> <53A62AFF.4080302@sugarcrm.com> <53B10D59.4060206@sugarcrm.com> Date: Tue, 22 Jul 2014 12:27:38 +0200 Message-ID: To: Alexey Zakhlestin Cc: Stas Malyshev , Marco Pivetta , Sebastian Bergmann , Julien Pauli , Remi Collet , PHP Internals Content-Type: multipart/alternative; boundary=001a11398720418eb104fec5acb8 Subject: Re: [PHP-DEV] Problems with the fix for the BC break introduced in 5.4.29 and 5.5.13 From: tyra3l@gmail.com (Ferenc Kovacs) --001a11398720418eb104fec5acb8 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Mon, Jun 30, 2014 at 8:10 PM, Alexey Zakhlestin wrote: > > On 30 Jun 2014, at 11:10, Stas Malyshev wrote: > > > I think we should move away from the practice of using serializer for > > something it was never made for, namely a weird way of instantiating > > classes. Serializer should be working only with serialized data. > > > Now, the question is can we instantiate the internal class without > > calling its ctor, and the answer here would probably be "no", at least > > not safely. While in the case of user class the engine can be reasonabl= e > > sure even if you don't call the ctor the basic structures are > > initialized properly, in the case of the internal class all bets are > > off. I'm not sure yet which use cases require ctor not to be called, bu= t > > I'm not sure how we can deliver on internal classes here. > > Sorry, I=E2=80=99m a bit late to discussion and might be missing somethin= g obvious. > > As far as I remember, internal classes have 2 constructors. > > 1. implementation of __construct() function > 2. create_object hook > > It should be possible to keep unsafe stuff in create_object which is > called unconditionally and leave safe initialisation in __construct. > > so, in case when __construct is not called object will have properties > initialised with nulls, empty strings, etc. > > I understand that is a lot of work on case-by-case basis but it is doable= . > > sorry for the late reply. you are right and after looking into the implementation I think classes having custom object storage (eg. create_object) shouldn't assume that their __construct will be called, but either do the initialization in the create_object hook or validate in the other methods that the object was properly initialized. given that this lack of initialization problem is already present(you can extend such a class and have a __construct() in the subclass which doesn't call the parent constructor), and we want to keep the unserialize trick fixed (as that exposes this problems to the remote attacker when some code accepts arbitrary serialized data from the client) I see no reason to keep the limitation in the ReflectionClass::newInstanceWithoutConstructor() and allowing the instantiation of internal classes will provide a clean upgrade path to doctrine and co. ofc. we have to fix the internal classes misusing the constructor for proper initialization one by one, but that can happen after the initial 5.6.0 release (ofc it would be wonderful if people could lend me a hand for fixing as much as we can before the release), but we have to fix those anyways. I consider this problem the biggest impediment for releasing the 5.6.0 final, so I would really like to hear what do you guys think about my proposed solution? --=20 Ferenc Kov=C3=A1cs @Tyr43l - http://tyrael.hu --001a11398720418eb104fec5acb8--