On 26.11.2018 at 10:27, Sebastian Bergmann wrote: > The following classes register zend_class_serialize_deny: Closure, COM, > DOTNET, Generator, HashContext, Reflection, ReflectionClass, > ReflectionClassConstant, ReflectionExtension, ReflectionException, > ReflectionFunction, ReflectionFunctionAbstract, ReflectionGenerator, > ReflectionMethod, ReflectionNamedType, ReflectionObject, > ReflectionParameter, ReflectionProperty, ReflectionRype, > ReflectionZendExtension, SimpleXmlElement, SplFileInfo, Variant. > > Are these all the built-in classes that cannot be serialized?
Well, the com_dotnet classes have only been made unserializable very recently, due to bug #77177, so I can imagine that there are more classes. Particularly, the database related classes come to mind. For instance, it's currently possible to serialize SQLite3 instances, albeit that makes no sense ("O:7:"SQLite3":0:{}"). > Would it be possible to implement ReflectionClass::isSerializable() that > returns false when the class is a) built-in and b) has > zend_class_serialize_deny registered? I presume that this could easily be implemented, but if the method returns TRUE for all other cases, it would be misleading since classes may unconditionally throw in __sleep(). -- Christoph M. Becker -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php