Bump on this thread because I would like to hear some feedback. Thanks!
> On Mar 31, 2017, at 10:55 PM, Andrew Nester <newaltgr...@bk.ru> wrote: > > > Hello everyone! > > I’ve been working on fix for following bug: > https://bugs.php.net/bug.php?id=74063 <https://bugs.php.net/bug.php?id=74063> > As it became clear after discussion under proposed pull request here > https://github.com/php/php-src/pull/2378 > <https://github.com/php/php-src/pull/2378> > there is no single way how to handle serialization of internal classes. > > As Nikita Popov proposed it might be good to add > “get_properties_for_serialize handler (or similar), which is a variant of > get_properties that is used for serialization (and returns a temporary HT). > This would allow us to use wakeup-based unserialization without leaking > additional (PHP-level) properties.” > > Thanks! > > Andrew Nester
