Don't you think that's rather dangerous? PHP serialization can include
objects, and it calls wakeup() on the object if that exists after
unserialization. In theory that could do almost anything, right?
Tim
On Tue, Dec 30, 2008 at 1:55 PM, Cloutman, David
<[log in to unmask]> wrote:
> I have a quick question for any PHP developers out there.
>
> I am writing a SOA application to manage my library's events calendar.
> The basic idea is to create a public API that our web site or other
> community organizations can use to query and consume information. I am
> using JSON as the default output for information, but would like to add
> the option of outputting native serialized PHP data structures as
> created by the serialized() function.
>
> My question is, what mime type should I use for serialized PHP data? The
> best suggestion I saw through Google was application/vnd.php.serialized,
> which was posted as a proposal. I don't know if any standard was adopted
> though. Has anyone else thought about this issue?
>
> - David
>
>
>
> ---
> David Cloutman <[log in to unmask]>
> Electronic Services Librarian
> Marin County Free Library
>
> Email Disclaimer: http://www.co.marin.ca.us/nav/misc/EmailDisclaimer.cfm
>
--
Check out my library at http://www.librarything.com/profile/timspalding
|