EntityId: Remove Serializable interface and methods

lucaswerkmeister · WMDE bot · commit d109c4c5a65d · 2024-01-18T20:59:34.000Z
This removes the ability to deserialize old serializations, but nothing
seems to rely on that ability: we hard-deprecated unserialize() and
didn’t see any log messages for it in production.

Also remove all the test cases that are “kind of an injection vector”.
__unserialize() still allows injecting some invalid serializations like
that, but it’s not something we want to support, so I have no idea why
we would want to test it, quite frankly.

Bug: T345856
Change-Id: I4850feb0b58ec6367c837f3855af50d34eedd665
Depends-On: I16cf6dfaa4c6271a158c62b4bc55372a7520488e
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
@@ -6,7 +6,7 @@
   single array argument, which was deprecated in `Version 9.6.0 (2021-03-31)`. These should now be
   called with a variadic argument list.
 * Added `__serialize()` and `__unserialize()` methods to the `EntityId` interface,
-  and deprecated the `serialize()` and `unserialize()` methods.
+  and removed the `serialize()` and `unserialize()` methods and the `Serializable` interface.
 * Added native type hints to the `Statement` and `StatementList` classes
 * Added `strict_types=1` to `Statement.php`, `StatementList.php`, and related test files
 * Removed support for repository names in entity IDs (e.g. `foo:Q1234`)
diff --git a/src/Entity/EntityId.php b/src/Entity/EntityId.php
@@ -2,12 +2,10 @@
 
 namespace Wikibase\DataModel\Entity;
 
-use Serializable;
-
 /**
  * @license GPL-2.0-or-later
  */
-interface EntityId extends Serializable {
+interface EntityId {
 
 	/**
 	 * @return string
@@ -32,21 +30,6 @@ public function __toString();
 	 */
 	public function equals( $target );
 
-	/**
-	 * @see Serializable::serialize()
-	 * @return string|null
-	 * @deprecated Use {@link self::getSerialization()} instead.
-	 */
-	public function serialize();
-
-	/**
-	 * @see Serializable::unserialize()
-	 * @param string $data
-	 * @return void
-	 * @deprecated There should be no reason to use this.
-	 */
-	public function unserialize( $data );
-
 	/**
 	 * This method replaces {@link Serializable::serialize()}.
 	 * Do not call it manually.
diff --git a/src/Entity/ItemId.php b/src/Entity/ItemId.php
@@ -63,34 +63,10 @@ public function __serialize(): array {
 		return [ 'serialization' => $this->serialization ];
 	}
 
-	/**
-	 * @see Serializable::serialize
-	 *
-	 * @since 7.0 serialization format changed in an incompatible way
-	 *
-	 * @return string
-	 */
-	public function serialize() {
-		wfDeprecated( __METHOD__, '1.41' );
-		return $this->serialization;
-	}
-
 	public function __unserialize( array $data ): void {
 		$this->serialization = $data['serialization'];
 	}
 
-	/**
-	 * @see Serializable::unserialize
-	 *
-	 * @param string $serialized
-	 */
-	public function unserialize( $serialized ) {
-		wfDeprecated( __METHOD__, '1.41' );
-		$array = json_decode( $serialized );
-		$this->serialization = is_array( $array ) ? $array[1] : $serialized;
-		$this->serialization = $this->serialization ?? '';
-	}
-
 	/**
 	 * Construct an ItemId given the numeric part of its serialization.
 	 *
diff --git a/src/Entity/NumericPropertyId.php b/src/Entity/NumericPropertyId.php
@@ -59,32 +59,10 @@ public function __serialize(): array {
 		return [ 'serialization' => $this->serialization ];
 	}
 
-	/**
-	 * @see Serializable::serialize
-	 *
-	 * @return string
-	 */
-	public function serialize() {
-		wfDeprecated( __METHOD__, '1.41' );
-		return $this->serialization;
-	}
-
 	public function __unserialize( array $data ): void {
 		$this->serialization = $data['serialization'];
 	}
 
-	/**
-	 * @see Serializable::unserialize
-	 *
-	 * @param string $serialized
-	 */
-	public function unserialize( $serialized ) {
-		wfDeprecated( __METHOD__, '1.41' );
-		$array = json_decode( $serialized );
-		$this->serialization = is_array( $array ) ? $array[1] : $serialized;
-		$this->serialization = $this->serialization ?? '';
-	}
-
 	/**
 	 * Construct a NumericPropertyId given the numeric part of its serialization.
 	 *
diff --git a/tests/fixtures/CustomEntityId.php b/tests/fixtures/CustomEntityId.php
@@ -16,28 +16,10 @@ public function __serialize(): array {
 		return [ 'serialization' => $this->serialization ];
 	}
 
-	/**
-	 * @see Serializable::serialize
-	 *
-	 * @return string
-	 */
-	public function serialize() {
-		return $this->serialization;
-	}
-
 	public function __unserialize( array $data ): void {
 		$this->serialization = $data['serialization'];
 	}
 
-	/**
-	 * @see Serializable::unserialize
-	 *
-	 * @param string $serialized
-	 */
-	public function unserialize( $serialized ) {
-		$this->serialization = $serialized;
-	}
-
 	/**
 	 * @return string
 	 */
diff --git a/tests/unit/Entity/EntityIdTest.php b/tests/unit/Entity/EntityIdTest.php
@@ -55,14 +55,6 @@ public function testSerializationRoundtrip( EntityId $id ) {
 
 	public static function deserializationCompatibilityProvider(): array {
 		return [
-			'v05serialization' => [
-				new ItemId( 'q123' ),
-				'C:32:"Wikibase\DataModel\Entity\ItemId":15:{["item","Q123"]}',
-			],
-			'v07serialization' => [
-				new ItemId( 'q123' ),
-				'C:32:"Wikibase\DataModel\Entity\ItemId":4:{Q123}',
-			],
 			'2022-03 PHP 7.4+' => [
 				new ItemId( 'q123' ),
 				'O:32:"Wikibase\DataModel\Entity\ItemId":1:{s:13:"serialization";s:4:"Q123";}',
@@ -74,9 +66,6 @@ public static function deserializationCompatibilityProvider(): array {
 	 * @dataProvider deserializationCompatibilityProvider
 	 */
 	public function testDeserializationCompatibility( $expected, $serialization ) {
-		if ( str_starts_with( $serialization, 'C:' ) ) {
-			$this->expectDeprecationAndContinue( '/::unserialize/' );
-		}
 		$this->assertEquals(
 			$expected,
 			unserialize( $serialization )
diff --git a/tests/unit/Entity/EntityIdValueTest.php b/tests/unit/Entity/EntityIdValueTest.php
@@ -132,25 +132,16 @@ public static function provideDeserializationCompatibility() {
 		$custom = new EntityIdValue( new CustomEntityId( 'X567' ) );
 
 		return [
-			'local: Version 0.5 alpha (f5b8b64)' => [
-				'C:39:"Wikibase\DataModel\Entity\EntityIdValue":14:{["item",31337]}',
-				$local,
-			],
-			'local: Version 7.0 (7fcddfc)' => [
-				'C:39:"Wikibase\DataModel\Entity\EntityIdValue":'
-					. '50:{C:32:"Wikibase\DataModel\Entity\ItemId":6:{Q31337}}',
-				$local,
-			],
-			'custom: Version 7.0 (7fcddfc): custom' => [
-				'C:39:"Wikibase\DataModel\Entity\EntityIdValue":'
-					. '58:{C:42:"Wikibase\DataModel\Fixtures\CustomEntityId":4:{X567}}',
-				$custom,
-			],
 			'local 2022-03 PHP 7.4+' => [
 				'O:39:"Wikibase\DataModel\Entity\EntityIdValue":'
 					. '1:{s:8:"entityId";O:32:"Wikibase\DataModel\Entity\ItemId":1:{s:13:"serialization";s:6:"Q31337";}}',
 				$local,
 			],
+			'custom 2023-09 PHP 7.4+' => [
+				'O:39:"Wikibase\DataModel\Entity\EntityIdValue":'
+					. '1:{s:8:"entityId";O:42:"Wikibase\DataModel\Fixtures\CustomEntityId":1:{s:13:"serialization";s:4:"X567";}}',
+				$custom,
+			],
 		];
 	}
 
diff --git a/tests/unit/Entity/ItemIdTest.php b/tests/unit/Entity/ItemIdTest.php
@@ -87,33 +87,13 @@ public function testGetEntityType() {
 
 	public function testSerialize() {
 		$id = new ItemId( 'Q1' );
-		$this->expectDeprecationAndContinue( '/ItemId::serialize/' );
-		$this->assertSame( 'Q1', $id->serialize() );
+		$this->assertSame( [ 'serialization' => 'Q1' ], $id->__serialize() );
 	}
 
-	/**
-	 * @dataProvider serializationProvider
-	 */
-	public function testUnserialize( $json, $expected ) {
+	public function testUnserialize() {
 		$id = new ItemId( 'Q1' );
-		$this->expectDeprecationAndContinue( '/ItemId::unserialize/' );
-		$id->unserialize( $json );
-		$this->assertSame( $expected, $id->getSerialization() );
-	}
-
-	public static function serializationProvider() {
-		return [
-			[ 'Q2', 'Q2' ],
-			[ '["item","Q2"]', 'Q2' ],
-
-			// All these cases are kind of an injection vector and allow constructing invalid ids.
-			[ '["string","Q2"]', 'Q2' ],
-			[ '["","string"]', 'string' ],
-			[ '["",""]', '' ],
-			[ '["",2]', 2 ],
-			[ '["",null]', '' ],
-			[ '', '' ],
-		];
+		$id->__unserialize( [ 'serialization' => 'Q2' ] );
+		$this->assertSame( 'Q2', $id->getSerialization() );
 	}
 
 	/**
diff --git a/tests/unit/Entity/NumericPropertyIdTest.php b/tests/unit/Entity/NumericPropertyIdTest.php
@@ -86,33 +86,13 @@ public function testGetEntityType() {
 
 	public function testSerialize() {
 		$id = new NumericPropertyId( 'P1' );
-		$this->expectDeprecationAndContinue( '/NumericPropertyId::serialize/' );
-		$this->assertSame( 'P1', $id->serialize() );
+		$this->assertSame( [ 'serialization' => 'P1' ], $id->__serialize() );
 	}
 
-	/**
-	 * @dataProvider serializationProvider
-	 */
-	public function testUnserialize( $json, $expected ) {
+	public function testUnserialize() {
 		$id = new NumericPropertyId( 'P1' );
-		$this->expectDeprecationAndContinue( '/NumericPropertyId::unserialize/' );
-		$id->unserialize( $json );
-		$this->assertSame( $expected, $id->getSerialization() );
-	}
-
-	public static function serializationProvider() {
-		return [
-			[ 'P2', 'P2' ],
-			[ '["property","P2"]', 'P2' ],
-
-			// All these cases are kind of an injection vector and allow constructing invalid ids.
-			[ '["string","P2"]', 'P2' ],
-			[ '["","string"]', 'string' ],
-			[ '["",""]', '' ],
-			[ '["",2]', 2 ],
-			[ '["",null]', '' ],
-			[ '', '' ],
-		];
+		$id->__unserialize( [ 'serialization' => 'P2' ] );
+		$this->assertSame( 'P2', $id->getSerialization() );
 	}
 
 	/**
