Feature: disallow serialization #1
Conversation
…should be thrown
…r handling/catching
| * @throws NonDeSerializableObject | ||
| * @throws TypeError | ||
| */ | ||
| final public function __wakeup() |
There was a problem hiding this comment.
Can't: void is only 7.1, although we could make the lib 7.1 only.
There was a problem hiding this comment.
Another 👍 to allow : void return decl
| * | ||
| * @return self | ||
| */ | ||
| public static function fromNonObject($object) : self |
There was a problem hiding this comment.
currently $object is not an object
| * @throws NonSerializableObject | ||
| * @throws TypeError | ||
| */ | ||
| final public function __sleep() |
There was a problem hiding this comment.
Can't unless we force 7.1
| use Dont\Exception\NonDeSerializableObject; | ||
| use Dont\Exception\TypeError; | ||
|
|
||
| trait DeSerialize |
There was a problem hiding this comment.
Can be unserialize instead
There was a problem hiding this comment.
As discussed, deserialize would be proper English, while PHP has its own unserialize wording. Unsure about the wording to adopt for now. @asgrim, can you give us an opinion?
There was a problem hiding this comment.
Better preserve php strangeness as it's more intuitive for php developers IMHO
There was a problem hiding this comment.
We could always create an alias ? But i'm going to agree with @Ocramius for the simple reason I would be annoyed with phpstorm including the wrong thing.
There was a problem hiding this comment.
Deserialise is the correct word. However you can have the version with the z if you must…
There was a problem hiding this comment.
I could fancy a British lib...
There was a problem hiding this comment.
Acceptable to me in selfish preference order: Deserialise Deserialize Unserialise Unserialize (note, no capital S in any)
There was a problem hiding this comment.
Went with Deserialise, to be non-brexit-compliant
There was a problem hiding this comment.
Deserialise is UK English btw, Deserialize is American, so technically, it's now Brexit-compliant 👍 🇬🇧
| The given object %s#%s is not designed to be de-serialized, yet de-serialization was attempted. | ||
|
|
||
| This error is raised because the author of %s didn't design it to be de-serializable, nor can | ||
| guarantee that it will function correctly after de-serialization, nor can guarantee that all |
There was a problem hiding this comment.
yes, it will function and it will work are synonyms
|
Whats the general purpose of this library ? Apart from the obvious :) |
|
@macnibblet the idea is to: final class MyFantasticService implements TheService
{
use \Dont\Serialize;
use \Dont\DeSerialize;
use \Dont\Clone;
public function __construct(Db $theDb) { /* ... */ }
// ...
} |
|
@Ocramius Copy from what I wrote in IRC, if you import the classes you end up with |
| @@ -0,0 +1,35 @@ | |||
| { | |||
| "name": "roave/don-t", | |||
There was a problem hiding this comment.
grammar is hard, but IMO roave/dont is easier to remember package name
There was a problem hiding this comment.
I can live with roave/dont
| ], | ||
| "authors": [ | ||
| { | ||
| "name": "Marco Pivetta", |
There was a problem hiding this comment.
Typo in your surname there, should be Pivetti 
| } | ||
| ], | ||
| "require": { | ||
| "php": "7.*" |
There was a problem hiding this comment.
^7.0|^7.1 maybe, adding future versions as they appear?
There was a problem hiding this comment.
In fact, mandating just ^7.1 could mean using void return type further down?
There was a problem hiding this comment.
We can probably push to 7.1. This package is initially to be deployed as part of ocramius/proxy-manager for a version that only supports PHP 7.1+
| use Dont\Exception\NonDeSerializableObject; | ||
| use Dont\Exception\TypeError; | ||
|
|
||
| trait DeSerialize |
There was a problem hiding this comment.
Acceptable to me in selfish preference order: Deserialise Deserialize Unserialise Unserialize (note, no capital S in any)
| * @throws NonDeSerializableObject | ||
| * @throws TypeError | ||
| */ | ||
| final public function __wakeup() |
There was a problem hiding this comment.
Another 👍 to allow : void return decl
|
|
||
| use LogicException; | ||
|
|
||
| class NonDeSerializableObject extends LogicException implements ExceptionInterface |
There was a problem hiding this comment.
Amend naming as discussed above (especially removing capital S)
| { | ||
| public function testWillThrowOnSerializationAttempt() | ||
| { | ||
| $object = new NotSerializable(); |
There was a problem hiding this comment.
Do we need the assignment? just serialize(new NotSerializable()); on L22 should suffice
There was a problem hiding this comment.
Didn't want to make it seem like the constructor caused the exception
| throw TypeError::fromNonObject($object); | ||
| } | ||
|
|
||
| $template = <<<'ERROR' |
There was a problem hiding this comment.
I get the purpose, but these messages are really verbose... Surely a simple %s objects should not be (de)serialized would suffice? Make the point, but in less characters basically...
There was a problem hiding this comment.
The idea of the lengthy message is to make this REALLY obnoxiously clear to the reader. There must be no issue opened by people asking why this kind of thing is being thrown (which is the reason why I started working on the package in first place)
| /** | ||
| * Marker interface for exceptions thrown by the Dont package | ||
| */ | ||
| interface ExceptionInterface extends Throwable |
There was a problem hiding this comment.
What advantage does this interface give?
There was a problem hiding this comment.
It's a marker interface - provides generic "group by" and catch-all for the package, should anybody want to do that.
| use Dont\Exception\NonDeSerializableObject; | ||
| use Dont\Exception\TypeError; | ||
|
|
||
| trait DontDeSerialize |
There was a problem hiding this comment.
Should be DontDeserialize imo (no cap on Serialize), the word is "deserialize" not "de-serialize" afaik
|
|
||
| use Dont\DontSerialise; | ||
|
|
||
| final class NotSerialisable |
There was a problem hiding this comment.
Serialisable => Serializable (https://en.wiktionary.org/wiki/serializable)
There was a problem hiding this comment.
both are correct: https://en.wiktionary.org/wiki/serialisable
There was a problem hiding this comment.
I guess the s spelling is British, but PHP uses the z spelling.
There was a problem hiding this comment.
Yup, we discussed already :) #1 (comment)
There was a problem hiding this comment.
Yes, we just went with the brit approach:
This PR introduces:
Dont\SerializeDont\DeSerializeTODOs:
donot for now, maybe in 2.x.SerializeandDeSerializeimply each other?