prezly/forbid-serialization

Micro-package with a handy trait to forbid serialization of specific class in PHP

Maintainers

Details

github.com/prezly/forbid-serialization

Source

Issues

Installs: 105 655

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 6

Forks: 0

Open Issues: 0

v2.0.0 2023-10-05 13:08 UTC

Requires

  • php: ^7.4||^8.0

Requires (Dev)

MIT 21bbfab736e98399dbe0e4c2429bfc94ffd81e99

  • Ivan Voskoboinyk <ivan.woop@prezly.com>

This package is auto-updated.

Last update: 2024-11-09 11:39:11 UTC

README

Prezly's ForbidSerialization is a micro-package with a handy trait to forbid serialization of specific class in PHP.

This is because standard PHP serialize() function can serialize anything, even instances you'd never want to be serialized. So ForbidSerialization is just a nice easy way to opt-out whenever you do not intentionally want an object to be serialized (which should be the default in 99.99% of all cases).

See this awesome talk from Marco Pivetta on Extremely Defensive PHP. Specifically the part about serialization: https://youtu.be/Gl9td0zGLhw?t=2352

Usage

Usage is as simple as adding use ForbidSerialization to any class. Only make sure you do not override __sleep() or __serialize() methods.

use Prezly\ForbidSerialization\ForbidsSerialization;

class AmazonWebServicesIntegrationService {
    use ForbidsSerialization;
    
    // ...
}

Changelog

Credits

Brought to you with ❤️ by Prezly.