Hi! I'd like to have a vote on unserialize() improvement proposal outlined here: https://wiki.php.net/rfc/secure_unserialize
soon-ish, but since discussion on it has been more than a year ago I'd like to give it some prior notice and some time to re-consider. I still think it is a good improvement, not fixing all problems but allowing to fix some at reasonable cost. I've added some outline of arguments discussed before, but still open for comments. The patch is probably outdated but I'll fix it if it's accepted, if not I don't want to spend time on it. I'd like to have a vote sometime next week, but if there's more discussion it can be postponed. -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
