Hi Lester, On Fri, Aug 9, 2013 at 6:29 PM, Lester Caine <les...@lsces.co.uk> wrote:
> Leigh wrote: > >> How php_serialize would cause BC issues for PHP users? >> >> Not everyone uses PHP in the way you would expect. Just how many sites >> out there >> do you think use PHPs session functionality? I'd go for hundreds of >> millions, >> and that's a pretty big target to hit. >> >> If you session_encode() something on 5.x with default settings and 5.x+1 >> cannot >> session_decode() it with default settings, that is a BC break. >> > > My own concerns with much of this are due to third party libraries using > some 'new approach' which requires a particular setup such as changing a > default, but another library still requires the old way of working. THAT is > the problem. On Fri, Aug 9, 2013 at 6:26 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > Mixing versions with shared data should be carefully handled for almost > all apps. > Even if this is the case, users may use old serializer so no BC. > > Anyway, we also have to consider number of bug/request reports that it > solves. > There are countless bug reports that were closed as "won't fix"/"not a > bug" > because of the register_globals support in session module. > As I wrote, there is no real BC issue as it's just a matter of ini setting. It's sounded like denial of improvement and removal of misdesigned component. I'm not going to remove old one, though. Search bug db, there are many bug reports/feature requests that this patch solves. If users aren't reading release note of minor version up, then it is users' fault, not ours. If it is, we cannot release new PHP. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net
