On Wed, 10 Apr 2013, Yasuo Ohgaki wrote:
2013/4/9 Laruence larue...@php.net
I proposal to add a leading backslash to all classnames (not only ns
names, since no harm, consistent and make sense) when doing serialize,
var_export etc.
Additional bool parameter for it would be nice for
On Mon, 15 Apr 2013, Laruence wrote:
hey:
thanks very much for all feedbacks.
so, maybe we should document this instead of adding lead backslash?
I think that's best, yes.
cheers,
Derick
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:
On 4/14/2013 7:56 PM, Laruence wrote:
hey:
thanks very much for all feedbacks.
so, maybe we should document this instead of adding lead backslash?
thanks
On Wed, Apr 10, 2013 at 5:36 AM, Rasmus Lerdorf ras...@lerdorf.com wrote:
On 04/09/2013 01:23 PM, Madara Uchiha wrote:
Well,
I've seen the usage of signing/hashing stored along side the serialized
data to prevent this sort of injection.
Still not 100% safe, but in case you really can't escape the use of
serialize, it's a start...
On Mon, Apr 15, 2013 at 2:52 PM, Thomas Hruska thru...@cubiclesoft.comwrote:
On
hey:
thanks very much for all feedbacks.
so, maybe we should document this instead of adding lead backslash?
thanks
On Wed, Apr 10, 2013 at 5:36 AM, Rasmus Lerdorf ras...@lerdorf.com wrote:
On 04/09/2013 01:23 PM, Madara Uchiha wrote:
Well, why would you need to serialize an object
For consistency, in strings we should already be using the FQCN implicitly.
Therefore output of serialization and var_export should not need the
leading backslash.
Marco Pivetta
http://twitter.com/Ocramius
http://ocramius.github.com/
On 9 April 2013 06:38, Madara Uchiha
On Tue, 2013-04-09 at 11:28 +0800, Laruence wrote:
Hey:
bug is described at #64554
I proposal to add a leading backslash to all classnames (not only ns
names, since no harm, consistent and make sense) when doing serialize,
var_export etc.
what do you think?
This breaks
On 4/8/13 11:28 PM, Laruence wrote:
bug is described at #64554
- https://bugs.php.net/bug.php?id=64554
I proposal to add a leading backslash to all classnames (not only ns
names, since no harm, consistent and make sense) when doing serialize,
var_export etc.
Short term: Add note
2013/4/9 Laruence larue...@php.net
I proposal to add a leading backslash to all classnames (not only ns
names, since no harm, consistent and make sense) when doing serialize,
var_export etc.
Additional bool parameter for it would be nice for var_export/serialize.
For var_dump, I wish to have
Hi!
I proposal to add a leading backslash to all classnames (not only ns
names, since no harm, consistent and make sense) when doing serialize,
var_export etc.
I'm not sure what this has to do with serialize. For var_export it may
be useful but the use case looks kind of limited. I can't
Well, why would you need to serialize an object in one version of PHP,
and unserialize it in another?
On Tue, Apr 9, 2013 at 11:08 PM, Stas Malyshev smalys...@sugarcrm.com wrote:
Hi!
I proposal to add a leading backslash to all classnames (not only ns
names, since no harm, consistent and
On 04/09/2013 01:23 PM, Madara Uchiha wrote:
Well, why would you need to serialize an object in one version of PHP,
and unserialize it in another?
Unfortunately people do that all the time. They store serialized
versions of stuff in databases and other backends and even send it
across the wire
Hey:
bug is described at #64554
I proposal to add a leading backslash to all classnames (not only ns
names, since no harm, consistent and make sense) when doing serialize,
var_export etc.
what do you think?
thanks
--
Laruence Xinchen Hui
http://www.laruence.com/
Sounds good. With PHP moving in closer and closer with namespaces, this
proposal will save some confusion in the more complex application
debugging. I support. +1
On Apr 9, 2013 6:29 AM, Laruence larue...@php.net wrote:
Hey:
bug is described at #64554
I proposal to add a leading
14 matches
Mail list logo