On Mon, Sep 5, 2022, at 12:20 PM, Tim Düsterhus wrote: > Hi > > I've now written up an RFC as a follow-up for the "What type of > Exception to use for unserialize() failure?" thread [1]: > > ---- > > RFC: Improve unserialize() error handling > https://wiki.php.net/rfc/improve_unserialize_error_handling > > Proof of concept implementation is in: > > https://github.com/php/php-src/pull/9425 > > Discussion period for that RFC is officially opened up. > > ---- > > The primary point of discussion in the previous mailing list thread and > in the PR comments is whether unserialize() should continue to emit > E_WARNING or whether that should consistently be changed to an > Exception. As of now I plan to explicitly vote on this and the RFC > contains some opinions on that matter. > > Best regards > Tim Düsterhus > > [1] https://externals.io/message/118311
Well-explained and well-argued. The only thing I'd add is that we should consider bumping the E_NOTICE to an E_WARNING, *and* slating it to increase to an exception in 9.0. This feels like a smaller BC concern than most, but people are extra sensitive these days about those edge cases so it's probably good to be cautious. --Larry Garfield -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
