On 2012-02-02 04:17, Thijs Kinkhorst wrote:
> On Wed, February 1, 2012 00:38, Filipus Klutiero wrote:
>>> when used by sloppy developers (for example: not checking the contents
>>> of a tar file before extracting it, using unserialize() on
>>> untrusted data, or relying on a specific value of short_open_tag).
>>
>> I understand from Thijs's comment that the README is alluding to the
>> built-in unserialize() function:
>> http://ca.php.net/manual/en/function.unserialize.php
>> Assuming that is correct, please consider this report a reminder to
>> clarify.
>
> Thanks, but given that unserialize is followed by () it should make it
> clear we're referring to a specific function, and the whole document is
> clearly in the context of the PHP interpreter.

It is clear that it refers to a specific function, but it is unclear
which, it could also refer to Serializable::unserialize().

> Googling for "php
> unserialize" instantly yields the relevant documentation for those who
> want to know more. I prefer to keep this brief so it actually gets read,
> and don't think further clarification is necessary.

If we want brevity, I recommend dropping the examples. In fact, from
what I understand, the entire item should be scrapped.