Re: [PHP-DEV] An BC issue in unserialize

2014-07-17 Thread Marco Pivetta
On Thu, Jul 17, 2014 at 9:58 AM, Stas Malyshev wrote:

> Hi!
>
> > As discussed in previous threads about this failure, we (doctrine) can
> > move away from the `unserialize()` hack if
> > `ReflectionClass#newInstanceWithoutConstructor()` provides support for
> > internal classes.
>
> Could you ex

Re: [PHP-DEV] An BC issue in unserialize

2014-07-17 Thread Stas Malyshev
Hi!

> As discussed in previous threads about this failure, we (doctrine) can
> move away from the `unserialize()` hack if
> `ReflectionClass#newInstanceWithoutConstructor()` provides support for
> internal classes.

Could you explain why it is needed to instantiate internal classes without calling

Re: [PHP-DEV] An BC issue in unserialize

2014-07-17 Thread Marco Pivetta
On Thu, Jul 17, 2014 at 8:43 AM, Stas Malyshev wrote:

> Hi!
>
> > IMHO this isn't something we should change in a 2nd digit release, but on a
> > major version, even if it wasn't documented.
>
> We don't have much option here. Keeping it leads to remotely triggerable
> segfaults. We've discusse

Re: [PHP-DEV] An BC issue in unserialize

2014-07-16 Thread Stas Malyshev
Hi!

> IMHO this isn't something we should change in a 2nd digit release, but on a
> major version, even if it wasn't documented.

We don't have much option here. Keeping it leads to remotely triggerable segfaults. We've discussed this here just recently. This is a hack that does not work properly

RE: [PHP-DEV] An BC issue in unserialize

2014-07-16 Thread Zeev Suraski
> -----Original Message-----
> From: Stas Malyshev [mailto:smalys...@sugarcrm.com]
> Sent: Thursday, July 17, 2014 9:08 AM
> To: Laruence; Remi Collet
> Cc: PHP Internals
> Subject: Re: [PHP-DEV] An BC issue in unserialize
>
> Hi!
>
> > in such case, the seria

Re: [PHP-DEV] An BC issue in unserialize

2014-07-16 Thread Stas Malyshev
Hi!

> in such case, the serialized data could be shared by 5.5 and 5.6...

This is true, but what you presented is not serialized data. Serialized data will be fine. But the code you showed instead tries to use the serializer as a roundabout way of instantiating objects. This is not the right thin

Re: [PHP-DEV] An BC issue in unserialize

2014-07-16 Thread Laruence
On Thu, Jul 17, 2014 at 1:09 PM, Remi Collet wrote:

> On 17/07/2014 06:01, Laruence wrote:
>
>> $this->_prototype = unserialize(sprintf('O:%d:"%s":0:{}',
>> strlen($this->name), $this->name));
>
>> I am not sure now. Should this usage be supported?
>
> I think unserialize is an

Re: [PHP-DEV] An BC issue in unserialize

2014-07-16 Thread Yasuo Ohgaki
Hi Laruence,

On Thu, Jul 17, 2014 at 1:01 PM, Laruence wrote:

> /**
>  * Creates a new instance of the mapped class, without invoking the constructor.
>  *
>  * @return object
>  */
> public function newInstance()
> {
>     if ($this->_prototype === null) {

Re: [PHP-DEV] An BC issue in unserialize

2014-07-16 Thread Remi Collet
On 17/07/2014 06:01, Laruence wrote:

> $this->_prototype = unserialize(sprintf('O:%d:"%s":0:{}',
> strlen($this->name), $this->name));

> I am not sure now. Should this usage be supported?

I think unserialize is a horrible hack which should have never been used. This is descri