Enforce magic __serialize() and __unserialize() return types#2372
Enforce magic __serialize() and __unserialize() return types#2372ondrejmirtes merged 2 commits intophpstan:1.10.xfrom
Conversation
|
This pull request has been marked as ready for review. |
| } | ||
|
|
||
| if ($name === '__unserialize') { | ||
| $realReturnType = new VoidType(); |
There was a problem hiding this comment.
This change would make sense if there's a type missing in the signature, like: https://3v4l.org/Wji2j
So please change the current test and remove the types from it.
But we need another rule and test - that checks the correctness of the signatures. In the example with __unserialize(string $data): string, both parameter and return type are wrong, but these aren't picked up by any rule.
While we're at it we should verify the corectness of signatures of all magic methods. Needs a new rule probably.
There was a problem hiding this comment.
thank you.
So please change the current test and remove the types from it.
I have fixed the test as per your feedback
But we need another rule and test - that checks the correctness of the signatures. In the example with __unserialize(string $data): string, both parameter and return type are wrong, but these aren't picked up by any rule.
While we're at it we should verify the corectness of signatures of all magic methods. Needs a new rule probably.
I will prepare a separate PR for that
|
Thank you. |
types as defined in php-src
https://www.php.net/manual/en/language.oop5.magic.php#language.oop5.magic.serialize
https://3v4l.org/bLjLG
my motivation for this change is, as I am upgrading a php7 app for php8 compat per https://wiki.php.net/rfc/phase_out_serializable and I experienced php segfaults when I use the wrong signature or return the wrong data
returning the wrong result is a fatal error on php8