On Sun, Feb 28, 2010 at 8:03 PM, Herman Radtke <hermanrad...@gmail.com> wrote: >> Imo unserialize should check, when applying public or protected values, >> if either exists on the object, and apply it to the one that exists. >> Sure it's gonna cost some performance, but at least changing the >> prototype of your class while stuff is running isn't going to kill your >> code anymore. > > This seems like a corner case and one that a conversion script should > handle. Considering that serialize and unserialize are called for > every single web-request, degrading the performance of unserialize is > not something that should be done lightly.
Well.. the problem is you can't use __wakeup() for it, because at that point it's too late to read the values, it could work if you got the properties as an array or something as __wakeup($data), but that's not the case. So the only approach would be to edit the scripts manually, and that's the last thing I want to do honestly, in the playing with fire category serialized strings are pretty high ranked. Patching __wakeup handling could be a non-costly option I suppose, but that's just another hack on top of the hackish hacks, and I don't want to be the cause of it, so if unserialize can't be fixed I'd rather have nothing. Cheers, Jordi -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
