Re: [PHP-DEV] Built-in classes that cannot be serialized

2018-11-26 Thread Nikita Popov
On Mon, Nov 26, 2018 at 11:47 PM Stanislav Malyshev wrote: > Hi! > > > We should migrate such cases to serialize_deny though. I think it's > pretty > > weird to explicitly implement __wakeup (signalling that yes, you can be > > unserialized), and then use it to throw (sorry, I lied). > > Throwing

Re: [PHP-DEV] Built-in classes that cannot be serialized

2018-11-26 Thread Stanislav Malyshev
Hi! > We should migrate such cases to serialize_deny though. I think it's pretty > weird to explicitly implement __wakeup (signalling that yes, you can be > unserialized), and then use it to throw (sorry, I lied). Throwing in __wakeup does not signal that it can be serialized. What it says that i

Re: [PHP-DEV] Built-in classes that cannot be serialized

2018-11-26 Thread Sebastian Bergmann
Am 26.11.2018 um 13:35 schrieb Nikita Popov: If I can rely on classes to throw an exception when serialize() is performed (be it through zend_class_serialize_deny or in __sleep()) then, yes, I can just try it. I believe you can rely on this. Not on any specific exception type, but the fact that

Re: [PHP-DEV] Built-in classes that cannot be serialized

2018-11-26 Thread Nikita Popov
On Mon, Nov 26, 2018 at 12:27 PM Sebastian Bergmann wrote: > Am 26.11.2018 um 12:20 schrieb Nikita Popov: > > Apart from serialize_deny, a pretty common pattern is throwing __wakeup. > > See for example CURLFile. > > > > We should migrate such cases to serialize_deny though. I think it's > pretty

Re: [PHP-DEV] Built-in classes that cannot be serialized

2018-11-26 Thread Sebastian Bergmann
Am 26.11.2018 um 12:20 schrieb Nikita Popov: Apart from serialize_deny, a pretty common pattern is throwing __wakeup. See for example CURLFile. We should migrate such cases to serialize_deny though. I think it's pretty weird to explicitly implement __wakeup (signalling that yes, you can be unser

Re: [PHP-DEV] Built-in classes that cannot be serialized

2018-11-26 Thread Nikita Popov
On Mon, Nov 26, 2018 at 10:28 AM Sebastian Bergmann wrote: > The following classes register zend_class_serialize_deny: Closure, COM, > DOTNET, Generator, HashContext, Reflection, ReflectionClass, > ReflectionClassConstant, ReflectionExtension, ReflectionException, > ReflectionFunction, Reflection

[PHP-DEV] Built-in classes that cannot be serialized

2018-11-26 Thread Sebastian Bergmann
The following classes register zend_class_serialize_deny: Closure, COM, DOTNET, Generator, HashContext, Reflection, ReflectionClass, ReflectionClassConstant, ReflectionExtension, ReflectionException, ReflectionFunction, ReflectionFunctionAbstract, ReflectionGenerator, ReflectionMethod, Reflecti