Hi Stas, There are many fixes regarding unserialize. We also had many fixes regarding type mismatches. I suppose many 3rd party modules have same issues.
How about have a doc for secure PHP internal coding? -- Yasuo Ohgaki yohg...@ohgaki.net On Wed, Sep 2, 2015 at 5:55 AM, Stanislav Malyshev <smalys...@gmail.com> wrote: > Hi! > > I've recently committed a number of fixes to 5.x branch. These fixes > mainly concern (un)serialization scenarios, you can see the full list in > 5.4/5.5 NEWS. These changes are not merged yet to master/7.0 since due > to extensive differences between 5.x and 7 in zval handling, they > basically must be rewritten for 7. I don't want to commit completely > broken code to master, so I'll work on at least getting it to a state > where there is no new breakage and then porting the fixes properly to 7, > but that can take a couple of days. In the meantime, please be aware > that 5.x and master may not be in full sync and exercise caution if you > merge stuff from 5 to 7. > -- > Stas Malyshev > smalys...@gmail.com > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php