On 06.08.2018 at 15:08, Nicolas Grekas wrote: > I recently submitted https://bugs.php.net/76681: Make unserialize() handle > a new "callback" option entry > > The full story is that I'd like a way to get rid of any > PHP_Incomplete_Class in my code. > The way to do it currently is to change the "unserialize_callback_func" ini > setting at runtime and define a throwing callable. But this feels like bad > design... > > Do we want a better way to do it? > > Note that this should also apply to nested calls to unserialize (since the > Serializable interface encourages doing so.)
Thanks, Nicolas! In my opinion, a callback that is explicitly passed to unserialize() is much better than an ini setting, but not so much, if the parameter would have global state (i.e. works for nested unserialize() calls as well). However, that would not be necessary, if we add a replacement for the Serializable interface as suggested by Nikita[1]. [1] <https://externals.io/message/98834> -- Christoph M. Becker -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
