On 26.11.2018 at 10:27, Sebastian Bergmann wrote:
> The following classes register zend_class_serialize_deny: Closure, COM,
> DOTNET, Generator, HashContext, Reflection, ReflectionClass,
> ReflectionClassConstant, ReflectionExtension, ReflectionException,
> ReflectionFunction, ReflectionFunctionAbstract, ReflectionGenerator,
> ReflectionMethod, ReflectionNamedType, ReflectionObject,
> ReflectionParameter, ReflectionProperty, ReflectionRype,
> ReflectionZendExtension, SimpleXmlElement, SplFileInfo, Variant.
>
> Are these all the built-in classes that cannot be serialized?
Well, the com_dotnet classes have only been made unserializable very
recently, due to bug #77177, so I can imagine that there are more
classes. Particularly, the database related classes come to mind. For
instance, it's currently possible to serialize SQLite3 instances, albeit
that makes no sense ("O:7:"SQLite3":0:{}").
> Would it be possible to implement ReflectionClass::isSerializable() that
> returns false when the class is a) built-in and b) has
> zend_class_serialize_deny registered?
I presume that this could easily be implemented, but if the method
returns TRUE for all other cases, it would be misleading since classes
may unconditionally throw in __sleep().
--
Christoph M. Becker
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
