On Thursday 09 October 2008 15:31:54 Lukas Kahwe Smith wrote:
> Well ... I think this is at least the common use case. Then again, JSON
> is an encoding format, and I expect that I can get the same object
> state by decoding. So the expectation to also get non-public
> properties in the JSON-encoded string is not totally crazy.

Well, you lose the information about the class anyway, so there is no way to 
decode it to the previous state without implementing it yourself, and in 
order to set private/protected attributes, you have to implement it as a 
method ... and if you do that, it's natural that you also do a member 
function that does the encoding, so the round-trip argument doesn't really 
work.

> However, changing this at this point would be a huge security issue, so
> if at all, it would need to be handled by an optional parameter that
> defaults to false.

That would be unclean. If it's implemented in some way, json_encode should 
look for the implementation of some interface (JSONEncodable or something) 
providing encoding/decoding methods (similar to __sleep/__wakeup).

Regards,
Stefan

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
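
The trade-off discussed in this message, as an added example that is not part of the original e-mail or of PHP's source: a plain object whose non-public state `json_encode()` leaves out, next to a class that controls its own encoding and decoding through methods. It assumes PHP 7.4 or later and uses the `JsonSerializable` interface, which PHP gained in 5.4, after this thread; the class names and all values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical class with no encoding hook: json_encode() emits only the
// public property, so the role and the hash never leave the object.
final class PlainAccount
{
    public $name = 'alice';
    protected $role = 'admin';
    private $passwordHash = 'constructed-hash-value';
}

// Hypothetical class that opts in explicitly, in the spirit of the
// interface proposed above (compare __sleep/__wakeup for serialize()).
final class Account implements JsonSerializable
{
    private string $name;
    private string $role;
    private string $passwordHash;

    public function __construct(string $name, string $role, string $passwordHash)
    {
        $this->name = $name;
        $this->role = $role;
        $this->passwordHash = $passwordHash;
    }

    // Allow-list: only the fields named here reach the encoded string.
    public function jsonSerialize(): array
    {
        return ['name' => $this->name, 'role' => $this->role];
    }

    // JSON carries no class information, so decoding is a method as well.
    // The secret is passed in by the caller and is never read from the JSON.
    public static function fromJson(string $json, string $passwordHash): self
    {
        $data = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
        if (!is_array($data) || !is_string($data['name'] ?? null)
            || !is_string($data['role'] ?? null)) {
            throw new InvalidArgumentException('unexpected JSON shape');
        }
        return new self($data['name'], $data['role'], $passwordHash);
    }
}

echo json_encode(new PlainAccount()), "\n";
$json = json_encode(new Account('alice', 'admin', 'constructed-hash-value'));
echo $json, "\n";
var_dump(Account::fromJson($json, 'constructed-hash-value') instanceof Account);
```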
