Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:78604
Return-Path: <leight@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 12732 invoked from network); 3 Nov 2014 23:05:00 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 3 Nov 2014 23:05:00 -0000
Authentication-Results: pb1.pair.com smtp.mail=leight@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=leight@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.212.180 as permitted sender)
X-PHP-List-Original-Sender: leight@gmail.com
X-Host-Fingerprint: 209.85.212.180 mail-wi0-f180.google.com  
Received: from [209.85.212.180] ([209.85.212.180:57916] helo=mail-wi0-f180.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 20/D6-10620-B1A08545 for <internals@lists.php.net>; Mon, 03 Nov 2014 18:04:59 -0500
Received: by mail-wi0-f180.google.com with SMTP id hi2so7802543wib.13
        for <internals@lists.php.net>; Mon, 03 Nov 2014 15:04:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=Jd6KePH7meJh40Jtk0A7GBlsYcHX8EHNfYKkqFt2beo=;
        b=so4X/qezGA+QEcf5FXZiUSBbtwP7bfxrmU0cCQKXQFFm11xd8iiiUc3X3/osHfpCtB
         m+/boiFQ2tdnrcV8TGahybD0beWOOaHrUzZswcvFQ+g9fbkQ1Q7I1boL09Wcmjw9vauU
         Am581zzWTtOQ8mD91I4Rx7h1TCTtWRQ90REcMwwu/NCbFWuVCewMJ9gxkL/mjp+V/7sf
         l8Q8H1eKxF+W/OAvuGu/4Uue/QLJouZlIAqCm75M8xDz2PpBiBSpkm84DBRlRJxo6jXa
         Ek0Z6s2Yb6LHVTjhFMr4HK67jQg10dR8jNcgczn12d7rbWlES3ymUe50vkn5a6YwhM3a
         kb2w==
MIME-Version: 1.0
X-Received: by 10.180.91.49 with SMTP id cb17mr19274326wib.30.1415055896796;
 Mon, 03 Nov 2014 15:04:56 -0800 (PST)
Received: by 10.216.50.205 with HTTP; Mon, 3 Nov 2014 15:04:56 -0800 (PST)
In-Reply-To: <5457EF60.1020103@sugarcrm.com>
References: <5457EF60.1020103@sugarcrm.com>
Date: Mon, 3 Nov 2014 23:04:56 +0000
Message-ID: <CAPwsocEr_AD80drtNHCiJGGLMEnMOGnSuTzhGQgMhe9ob0WzCQ@mail.gmail.com>
To: Stas Malyshev <smalyshev@sugarcrm.com>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] [RFC] [VOTE] Filtered unserialize()
From: leight@gmail.com (Leigh)

On 3 November 2014 21:10, Stas Malyshev <smalyshev@sugarcrm.com> wrote:
> Hi!
>
> I'd like to put to vote my proposal about the filtered unserialize():
>
> https://wiki.php.net/rfc/secure_unserialize
>
> It was discussed a number of times before and I think it is time to have
> a decision on it. If you need any clarifications on the proposal, please
> do not hesitate to ask.
> --

I wonder how often the final parameter will simply be get_declared_classes()

Instead of true/false/array, maybe we could go for int/array and have
constants for "allow anything", "disallow everything", "allow declared
only".