On 07/28/2015 03:46 PM, Stanislav Malyshev wrote:
Hi!
This sort of change would be a major BC break for 8.x or similar.
How is it a major BC break? You make it sound like serializing
exceptions is something no application can do without. I have yet to see
a single case where it's useful (yes, I've read the Symphony comment but
I'm not sure why they're doing it and if it's indeed something that
should be done and not an ugly hack like unserializing fake internal
objects).
I also don't see security implications, tbh.
I don't want to discuss it in detail yet, but check out currently open
or recently fixed security issues and see how many of them relate to
serialized exceptions and consequences of that.
--
Stas Malyshev
smalys...@gmail.com
Serializing exceptions can be useful in parallel code using multiple
processes or threads. I have been working on a concurrency library for a
week or two and I serialize exceptions (excluding stack trace arguments)
to send them back to the calling process to aid in debugging process
failures.
I agree there aren't too many use cases, but there are a few. Of course,
exceptions aren't *consistently* serializable, which is still a problem
that should be resolved in some way.
--
Stephen Coakley
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
