discovered that all key/value store implementations in core are hard-coding PHP serialize() as serialization format right now.
serialize() is definitely not always the most appropriate serialization format.
unserialize() has security issues.
A key/value store MUST NOT care for the serialization format being used to begin with — its sole responsibility is to store a (string) value and retrieve it. The serialization format only needs to be consistent for each instance of a key/value store.
As a concrete use-case, the (file-based) configuration system currently expects data to be encoded and decoded in YAML.
Drupal\Component\Serialization as a core component that provides default implementations for serialization formats used in Drupal.
Inject a serialization format into each key/value store instance.
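A sketch of the injection described above, added here as an illustration and not taken from Drupal core or from this issue's patch. The interface, class and key names are hypothetical, and it assumes PHP 8.0 or later; the PHP-serialize variant also shows the `allowed_classes` option of `unserialize()` as one way to narrow the security concern noted above.

```php
<?php
declare(strict_types=1);
// Hypothetical names; not Drupal's own interface or store classes.
interface ExampleSerialization {
    public function encode(mixed $data): string;
    public function decode(string $raw): mixed;
}

final class ExamplePhpSerialize implements ExampleSerialization {
    public function encode(mixed $data): string {
        return serialize($data);
    }
    public function decode(string $raw): mixed {
        // allowed_classes => false: objects return as __PHP_Incomplete_Class.
        return unserialize($raw, ['allowed_classes' => false]);
    }
}

final class ExampleJson implements ExampleSerialization {
    public function encode(mixed $data): string {
        return json_encode($data, JSON_THROW_ON_ERROR);
    }
    public function decode(string $raw): mixed {
        return json_decode($raw, true, 512, JSON_THROW_ON_ERROR);
    }
}

// The store only keeps strings; its format is fixed per instance by injection.
final class ExampleMemoryStore {
    private array $rows = [];
    public function __construct(private ExampleSerialization $serializer) {}

    public function set(string $key, mixed $value): void {
        $this->rows[$key] = $this->serializer->encode($value);
    }
    public function get(string $key, mixed $default = null): mixed {
        return array_key_exists($key, $this->rows)
            ? $this->serializer->decode($this->rows[$key])
            : $default;
    }
}

// Constructed sample data, round-tripped through each format.
$settings = ['site' => 'example', 'cache' => ['max_age' => 300]];
foreach ([new ExamplePhpSerialize(), new ExampleJson()] as $format) {
    $store = new ExampleMemoryStore($format);
    $store->set('system.settings', $settings);
    var_dump($format::class, $store->get('system.settings') === $settings);
}
```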
This issue only adds the PhpSerialize serialization format, which is currently used by key/value store implementations.
The set of formats is completed by