Hi! > And what about automatic un/serialize() of objects in $_SESSION? > People don't even see those function calls in their code, so dropping > the function/ality would be a wildly drastic move.
Nothing about it, the change is for unserialize() function. > tread gently, as in your suggestion of an extra param. And probably > want two optional PHP.INI settings: one for when unserialize() is As we learned many times in the past, behavior-changing ini settings are not a good idea. We have to get away from mentality of "if we need to modify some behavior, we just put a variable in global state to control it". Global state is the last resort, not the first one. Variables that have local influence should have local scope. -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
