Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:79284 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 67330 invoked from network); 28 Nov 2014 17:57:02 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 28 Nov 2014 17:57:02 -0000 Authentication-Results: pb1.pair.com header.from=tyra3l@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=tyra3l@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.43 as permitted sender) X-PHP-List-Original-Sender: tyra3l@gmail.com X-Host-Fingerprint: 209.85.218.43 mail-oi0-f43.google.com Received: from [209.85.218.43] ([209.85.218.43:58160] helo=mail-oi0-f43.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id EF/90-59154-A67B8745 for ; Fri, 28 Nov 2014 12:56:59 -0500 Received: by mail-oi0-f43.google.com with SMTP id a3so4954358oib.2 for ; Fri, 28 Nov 2014 09:56:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=FY3Jedax1vuDPH2ZXABAEeQ+KP8m89boWB83S3M3+iE=; b=zXZSYNQ2bSRkseslS2hyN3j7aEB2WeR7JSO0Znx5A/lsyt9ntiBhdSuKYBSmQb/XVW pibXEcZzsKwz4rcCf8hzJAEpiCdtKgh4zk8zYqjnfWbjEO7j9if/uTF5YoE1ypvusQZG G0pELEYrJfRyVPt09jMeG/wLyhZNdDqUDSKizwJNrT8kVmN+lXXNNzt4rWJUV9gZDc9X 6NQgmx/anARxfrGnJTGbY9vVDs320sieKhpM6L+OAAjiakum3oZBd/8HUxNS8Ly8Fyuj fyfAphCr0cttw68YqPuRP/+cXLDiAPujgZWsFeA3jWkdgJdhYlqyF/INdPSH/wUx0xkV AF4A== MIME-Version: 1.0 X-Received: by 10.202.173.198 with SMTP id w189mr26313001oie.27.1417197415851; Fri, 28 Nov 2014 09:56:55 -0800 (PST) Received: by 10.60.37.103 with HTTP; Fri, 28 Nov 2014 09:56:55 -0800 (PST) In-Reply-To: <546BAD48.7030009@gmail.com> References: <546BAD48.7030009@gmail.com> Date: Fri, 28 Nov 2014 18:56:55 +0100 Message-ID: To: Stanislav Malyshev Cc: PHP Internals Content-Type: multipart/alternative; boundary=001a113eabb48cb1d20508eefca2 Subject: Re: [PHP-DEV] filtered unserialise() - results From: tyra3l@gmail.com (Ferenc Kovacs) --001a113eabb48cb1d20508eefca2 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Tue, Nov 18, 2014 at 9:34 PM, Stanislav Malyshev wrote: > Hi! > > The vote for https://wiki.php.net/rfc/secure_unserialize has been > completed (actually, should be last week but I was busy, sorry for the > delay) and the RFC is accepted 17 votes for to 6 votes against. > > Now, there were proposals to amend this RFC slightly to make the > additional parameter an option array - with sole option currently being > accepted classes list for now - in order to allow future extensibility. > I am somewhat undecided on this option, but rather than make a new vote > for a small implementation change, I want to make an informal poll - > *if* I decide to make it an option array - would anyone strongly oppose > to it, and if so, why? > > Note that it is not a vote either way - rather, I'd like to hear if > somebody has an argument against doing this (I've already heard > arguments for it). So if you oppose it, please tell the reasons why. I > have some (which I previously posted on the list) but I'd like to hear > from others too. > > Thanks, > Stas > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > Sorry, I missed this thread back when you posted. Personally I'm a bit hesitant about this change. Do we already have something additional/upcoming features which could be a good fit to lump together with allowed_classes? If that's not the case, I think this is premature to introduce another level of indirection, which will cost everybody using this feature a couple of additional keystrokes for the vague gain that at some point in the future there could be a feature which would be better bundled together with this setting instead of introducing a third optional parameter. --=20 Ferenc Kov=C3=A1cs @Tyr43l - http://tyrael.hu --001a113eabb48cb1d20508eefca2--