[wp-trac] [WordPress Trac] #45895: maybe_unserialize: handle exceptions thrown during unserialization

WordPress Trac noreply at wordpress.org
Tue Mar 12 14:44:32 UTC 2019 

#45895: maybe_unserialize: handle exceptions thrown during unserialization
-------------------------------------------------+-------------------------
 Reporter:  bluefuton                            |       Owner:  desrosj
     Type:  defect (bug)                         |      Status:  reviewing
 Priority:  normal                               |   Milestone:  5.2
Component:  General                              |     Version:  5.1
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch has-unit-tests reporter-   |     Focuses:
  feedback close 2nd-opinion                     |
-------------------------------------------------+-------------------------
Changes (by desrosj):

 * keywords:  has-patch has-unit-tests reporter-feedback needs-refresh =>
     has-patch has-unit-tests reporter-feedback close 2nd-opinion


Comment:

 I returned to this today, and after thinking it through some more, I am
 marking as a candidate to `close` as a `wontfix` pending a second opinion.

 I don't think we should prevent an exception when attempting to serialize
 a closure or `SimpleXMLElement` for a few reasons.

 First, if the function was changed to just return the data if it was not
 able to be serialized, it would then be failing silently and the developer
 would not have any way to know why the data was not serialized unless the
 function's return value was changed to allow a `WP_Error` or `false`. But,
 that is not really an option because this function is so old.

 Instead of returning a value to indicate an error, a `_doing_it_wrong()`
 could be called. But at that point, Core would be doing the exact same
 thing as the exception. It also would circumvent any custom exception
 handling configured for a site using `set_exception_handler()`.

 There are also very few occurrences of `try {} catch{}` in Core. The main
 exceptions are bundled external libraries (such as `PHPMailer` or
 `getID3`), and a few instances where exceptions could be thrown for
 unknown or unpredictable reasons (such as with the `Imagick` image
 editor).

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/45895#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list