Hello,
I recently submitted https://bugs.php.net/76681: Make unserialize() handle
a new "callback" option entry
The full story is that I'd like a way to get rid of any
PHP_Incomplete_Class in my code.
The way to do it currently is to change the "unserialize_callback_func" ini
setting at runtime and define a throwing callable. But this feels like bad
design...
Do we want a better way to do it?
Note that this should also apply to nested calls to unserialize (since the
Serializable interface encourages doing so.)
Nicolas
I recently submitted https://bugs.php.net/76681: Make
unserialize()handle
a new "callback" option entryThe full story is that I'd like a way to get rid of any
PHP_Incomplete_Class in my code.
The way to do it currently is to change the "unserialize_callback_func" ini
setting at runtime and define a throwing callable. But this feels like bad
design...Do we want a better way to do it?
Note that this should also apply to nested calls to unserialize (since the
Serializable interface encourages doing so.)
Thanks, Nicolas! In my opinion, a callback that is explicitly passed to
unserialize() is much better than an ini setting, but not so much, if
the parameter would have global state (i.e. works for nested
unserialize() calls as well). However, that would not be necessary, if
we add a replacement for the Serializable interface as suggested by
Nikita[1].
[1] https://externals.io/message/98834
--
Christoph M. Becker