
Make value objects in AbuseFilter JSON-Serializable
Open, Medium, Public

Description

AbuseFilter defines various value objects, and stores them in WANObjectCache. To avoid brittle and unsafe PHP serialization (see T161647), such value objects should implement JsonUnserializable. Affected classes include:

  • Filter, ExistingFilter, AbstractFilter
  • Specs
  • Flags

Special attention must be given to the callable "actions" in AbstractFilter.

Event Timeline

Special attention must be given to the callable "actions" in AbstractFilter.

Right. At the moment, the value is already forcefully loaded before caching to replace the callback with an array.

These classes are all plain value objects that only hold native PHP data, so switching to JSON should be trivial.
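
The approach discussed above, as an added illustration that is not AbuseFilter's code: a value object whose lazily loaded "actions" callback is resolved to a plain array before it is JSON-encoded for the cache, and whose cached form is type-checked when it is rebuilt. `LazyFilter`, the simplified `newFromJsonArray` signature and the sample data are assumptions; PHP's native `JsonSerializable` stands in for MediaWiki's interface (PHP 8.0+).

```php
<?php
// Hypothetical stand-in for a filter value object; not AbuseFilter's class.
final class LazyFilter implements JsonSerializable {
	public function __construct(
		private int $id,
		private string $rules,
		// Either the actions themselves, or a callback that loads them on demand
		private array|Closure $actions
	) {
	}

	public function getActions(): array {
		if ( $this->actions instanceof Closure ) {
			// Resolve once, then keep only the plain array
			$this->actions = ( $this->actions )();
		}
		return $this->actions;
	}

	public function jsonSerialize(): array {
		// A Closure cannot be represented in JSON: force-load the actions
		// so that only native data reaches the cache.
		return [ 'id' => $this->id, 'rules' => $this->rules, 'actions' => $this->getActions() ];
	}

	public static function newFromJsonArray( array $json ): self {
		// Check types explicitly instead of trusting the cached blob
		if ( !is_int( $json['id'] ?? null )
			|| !is_string( $json['rules'] ?? null )
			|| !is_array( $json['actions'] ?? null )
		) {
			throw new UnexpectedValueException( 'Malformed cached filter' );
		}
		return new self( $json['id'], $json['rules'], $json['actions'] );
	}
}

// Constructed sample data
$filter = new LazyFilter(
	1,
	'user_editcount < 5',
	static fn (): array => [ 'warn' => [ 'abusefilter-warning' ] ]
);
$blob = json_encode( $filter, JSON_THROW_ON_ERROR );
$copy = LazyFilter::newFromJsonArray( json_decode( $blob, true, 512, JSON_THROW_ON_ERROR ) );
var_dump( $copy->getActions() === $filter->getActions() );
```

Unlike `unserialize()`, decoding this blob can only yield arrays and scalars, so a tampered cache entry cannot cause arbitrary classes to be instantiated.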