Disabled __wakeup methods were originally introduced in PHPC-190. This was primarily needed for PHP 5.x. In PHP 7.0+, it's sufficient to disable the serialization object handlers (as is done in PHONGO_CE_DISABLE_SERIALIZATION). In PHP 8.1+, we need only add a flag on the class entry (PHPC-1922).

After removing Manager::__wakeup and its references in other non-serializable classes, we can test that serialization is still prohibited via a test like the following:

--TEST--

MongoDB\Driver\Manager does not support serialization

--FILE--

<?php

require_once __DIR__ . '/../utils/basic.inc';

echo throws(function() {

    serialize(create_test_manager());

}, Exception::class), "\n";

echo throws(function() {

    unserialize('C:22:"MongoDB\Driver\Manager":0:{}');

}, Exception::class), "\n";

echo raises(function() {

    unserialize('O:22:"MongoDB\Driver\Manager":0:{}');

}, E_WARNING), "\n";

?>

===DONE===

<?php exit(0); ?>

--EXPECTF--

OK: Got Exception

Serialization of 'MongoDB\Driver\Manager' is not allowed

OK: Got Exception

Unserialization of 'MongoDB\Driver\Manager' is not allowed

OK: Got E_WARNING

Erroneous data format for unserializing 'MongoDB\Driver\Manager'

===DONE===

Note that we'll need to test both C and O formats. O was previously used by __wakeup but is now used by the new __unserialize method in PHP 7.4+ (see: PHPC-1849).

The test above may also need some adjustment for PHP 8.1, as the error for unserializing O notation likely differs from earlier PHP versions.