-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Le 27/10/2014 09:03, Stas Malyshev a écrit : > Hi! > > I'd like to have a vote on unserialize() improvement proposal > outlined here: https://wiki.php.net/rfc/secure_unserialize > > soon-ish, but since discussion on it has been more than a year ago > I'd like to give it some prior notice and some time to re-consider. > I still think it is a good improvement, not fixing all problems but > allowing to fix some at reasonable cost. I've added some outline of > arguments discussed before, but still open for comments. The patch > is probably outdated but I'll fix it if it's accepted, if not I > don't want to spend time on it. I'd like to have a vote sometime > next week, but if there's more discussion it can be postponed. >
+1 as this seems to have a real benefit for security (implementation detail such as function or option name are... detail) Remi. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlRPmL8ACgkQYUppBSnxahhLrQCePtlnYkVuhSNFPF+pvjZ+DNZX GaoAoLXKHYtbblmT9G0Y/jPRDgUtgABT =mE9N -----END PGP SIGNATURE----- -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
