On 3 November 2014 21:10, Stas Malyshev <smalys...@sugarcrm.com> wrote: > Hi! > > I'd like to put to vote my proposal about the filtered unserialize(): > > https://wiki.php.net/rfc/secure_unserialize > > It was discussed a number of times before and I think it is time to have > a decision on it. If you need any clarifications on the proposal, please > do not hesitate to ask. > --
I wonder how often the final parameter will simply be get_declared_classes() Instead of true/false/array, maybe we could go for int/array and have constants for "allow anything", "disallow everything", "allow declared only". -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
