Per T161647: RFC: Deprecate using php serialization inside MediaWiki, we should not rely on PHP serialization. One place where such serialization is often implicitly applied is object caching. WANObjectCache should reject all cache values that cannot be serialized to JSON.
Description
Description
Details
Details
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
DNM: WANObjectCache: warn on non-JSONic values. | mediawiki/core | master | +86 -8 |
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Open | None | T274189 Remove usage of PHP serialization from WANObjectCache | |||
Open | None | T274190 Make value objects in AbuseFilter JSON-Serializable | |||
Open | None | T264393 Mark user object as non-serializable | |||
Open | None | T264389 ProofreadPageContent must not contain User object, since it cannot be serialized safely. | |||
Resolved | tstarling | T264391 FeaturedFeedChannel must not contain a User object, since it cannot be serialized safely. | |||
Open | None | T274192 Mark Message as NonSerializable | |||
Open | None | T169328 Protect against PHP code execution via memcached/unserialize | |||
Resolved | • Pchelolo | T282105 WatchedItemStore should not write MapCacheLRU instances to a BagOStuff | |||
Open | None | T282106 Upload session status should not include a Status object in the cache payload | |||
Open | None | T282107 Make OAuthToken JSONUnserializable |
Event Timeline
Comment Actions
Change 662714 had a related patch set uploaded (by Daniel Kinzler; owner: Daniel Kinzler):
[mediawiki/core@master] DNM: WANObjectCache: warn on non-JSONic values.