Re: [PHP-DEV] [RFC] Deprecate class instance deserialization in WDDX

2017-08-18 Thread Christoph M. Becker
On 18.08.2017 at 12:02, Nikita Popov wrote: > On Tue, Aug 15, 2017 at 6:54 PM, Christoph M. Becker > wrote: > >> Due to the recent discussion regarding WDDX serialization and security >> (), I've >> written an RFC that proposes to deprecat

Re: [PHP-DEV] [RFC] Deprecate class instance deserialization in WDDX

2017-08-18 Thread Niklas Keller
> > On Tue, Aug 15, 2017 at 6:54 PM, Christoph M. Becker > wrote: > > > Hi internals! > > > > Due to the recent discussion regarding WDDX serialization and security > > (), I've > > written an RFC that proposes to deprecate class instance de

Re: [PHP-DEV] [RFC] Deprecate class instance deserialization in WDDX

2017-08-18 Thread Remi Collet
Le 18/08/2017 à 12:02, Nikita Popov a écrit : > On Tue, Aug 15, 2017 at 6:54 PM, Christoph M. Becker > Which is why I would suggest: > 1. Deprecate the entire extension in PHP 7.2. > 2. Unbundle it in PHP 7.3. +1 Dropping part of the extension features doesn't seems a good idea. Remi sig

Re: [PHP-DEV] [RFC] Deprecate class instance deserialization in WDDX

2017-08-18 Thread Nikita Popov
On Tue, Aug 15, 2017 at 6:54 PM, Christoph M. Becker wrote: > Hi internals! > > Due to the recent discussion regarding WDDX serialization and security > (), I've > written an RFC that proposes to deprecate class instance deserialization > i

[PHP-DEV] [RFC] Deprecate class instance deserialization in WDDX

2017-08-15 Thread Christoph M. Becker
Hi internals! Due to the recent discussion regarding WDDX serialization and security (), I've written an RFC that proposes to deprecate class instance deserialization in WDDX: