summaryrefslogtreecommitdiff
path: root/UPGRADING
diff options
context:
space:
mode:
authorNikita Popov <nikita.ppv@gmail.com>2020-08-04 22:24:26 +0200
committerNikita Popov <nikita.ppv@gmail.com>2020-08-04 22:24:44 +0200
commit0d836a39a71e1c3b97458e8cf4c5e001dcb392d4 (patch)
tree9162892ba62eb84766945f1d68ae137d56c9a58b /UPGRADING
parent37a878b8c3fdd47ef5883a7a44a262c1c9909b0a (diff)
downloadphp-git-0d836a39a71e1c3b97458e8cf4c5e001dcb392d4.tar.gz
Revert "Prepare for PHP 8.1"
This reverts commit 1ab4d0e6b7abb67d5a01ce3327bf973772271fb2. This reverts commit a359635cb1a4df8b5137a506c88c4cb102acac0e.
Diffstat (limited to 'UPGRADING')
-rw-r--r--UPGRADING1006
1 files changed, 1005 insertions, 1 deletions
diff --git a/UPGRADING b/UPGRADING
index 078cb78077..15e19f2782 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -1,4 +1,4 @@
-PHP 8.1 UPGRADE NOTES
+PHP 8.0 UPGRADE NOTES
1. Backward Incompatible Changes
2. New Features
@@ -20,54 +20,1058 @@ PHP 8.1 UPGRADE NOTES
1. Backward Incompatible Changes
========================================
+- Core:
+ . Assertion failures now throw by default. If the old behavior is desired,
+ then set `assert.exception=0` in INI settings.
+ . Methods with the same name as the class are no longer interpreted as
+ constructors. The __construct() method should be used instead.
+ . Removed ability to call non-static methods statically.
+ . Removed (unset) cast.
+ . Removed track_errors ini directive. This means that $php_errormsg is no
+ longer available. The error_get_last() function may be used instead.
+ . Removed the ability to define case-insensitive constants. The third
+ argument to define() may no longer be true.
+ . Access to undefined constants now always results in an Error exception.
+ Previously, unqualified constant accesses resulted in a warning and were
+ interpreted as strings.
+ . Removed ability to specify an autoloader using an __autoload() function.
+ spl_autoload_register() should be used instead.
+ . Removed the $errcontext argument for custom error handlers.
+ . Removed create_function(). Anonymous functions may be used instead.
+ . Removed each(). foreach or ArrayIterator should be used instead.
+ . Removed ability to unbind $this from closures that were created from a
+ method, using Closure::fromCallable() or ReflectionMethod::getClosure().
+ . Also removed ability to unbind $this from proper closures that contain uses
+ of $this.
+ . Removed ability to use array_key_exists() with objects. Use one of isset()
+ or property_exists() instead.
+ . Made the behavior of array_key_exists() regarding the type of the key
+ parameter consistent with isset() and normal array access. All key types now
+ use the usual coercions and array/object keys throw a TypeError.
+ . Any array that has a number n as its first numeric key will use n+1 for
+ its next implicit key, even if n is negative.
+ RFC: https://wiki.php.net/rfc/negative_array_index
+ . The default error_reporting level is now E_ALL. Previously it excluded
+ E_NOTICE and E_DEPRECATED.
+ . display_startup_errors is now enabled by default.
+ . Using "parent" inside a class that has no parent will now result in a
+ fatal compile-time error.
+ . The @ operator will no longer silence fatal errors (E_ERROR, E_CORE_ERROR,
+ E_COMPILE_ERROR, E_USER_ERROR, E_RECOVERABLE_ERROR, E_PARSE). Error handlers
+ that expect error_reporting to be 0 when @ is used, should be adjusted to
+ use a mask check instead:
+
+ // Replace
+ function my_error_handler($err_no, $err_msg, $filename, $linenum) {
+ if (error_reporting() == 0) {
+ return; // Silenced
+ }
+ // ...
+ }
+
+ // With
+ function my_error_handler($err_no, $err_msg, $filename, $linenum) {
+ if (!(error_reporting() & $err_no)) {
+ return; // Silenced
+ }
+ // ...
+ }
+
+ Additionally, care should be taken that error messages are not displayed in
+ production environments, which can result in information leaks. Please
+ ensure that display_errors=Off is used in conjunction with error logging.
+ . Adding more than one @ operator to an expression is no longer supported,
+ since this syntax is now used for attributes (previously extra @ operators
+ had no effect).
+ RFC: https://wiki.php.net/rfc/shorter_attribute_syntax
+ . Inheritance errors due to incompatible method signatures (LSP violations)
+ will now always generate a fatal error. Previously a warning was generated
+ in some cases.
+ RFC: https://wiki.php.net/rfc/lsp_errors
+ . The precedence of the concatenation operator has changed relative to
+ bitshifts and addition as well as subtraction.
+ RFC: https://wiki.php.net/rfc/concatenation_precedence
+ . Arguments with a default value that resolves to null at runtime will no
+ longer implicitly mark the argument type as nullable. Either use an explicit
+ nullable type, or an explicit null default value instead.
+
+ // Replace
+ function test(int $arg = CONST_RESOLVING_TO_NULL) {}
+ // With
+ function test(?int $arg = CONST_RESOLVING_TO_NULL) {}
+ // Or
+ function test(int $arg = null) {}
+ . A number of warnings have been converted into Error exceptions:
+
+ * Attempting to write to a property of a non-object. Previously this
+ implicitly created an stdClass object for null, false and empty strings.
+ * Attempting to append an element to an array for which the PHP_INT_MAX key
+ is already used.
+ * Attempting to use an invalid type (array or object) as an array key or
+ string offset.
+ * Attempting to write to an array index of a scalar value.
+ * Attempting to unpack a non-array/Traversable.
+
+ A number of notices have been converted into warnings:
+
+ * Attempting to read an undefined variable.
+ * Attempting to read an undefined property.
+ * Attempting to read an undefined array key.
+ * Attempting to read a property of a non-object.
+ * Attempting to access an array index of a non-array.
+ * Attempting to convert an array to string.
+ * Attempting to use a resource as an array key.
+ * Attempting to use null, a boolean, or a float as a string offset.
+ * Attempting to read an out-of-bounds string offset.
+ * Attempting to assign an empty string to a string offset.
+
+ RFC: https://wiki.php.net/rfc/engine_warnings
+ . Attempting to assign multiple bytes to a string offset will now emit a
+ warning.
+ . Unexpected characters in source files (such as null bytes outside of
+ strings) will now result in a ParseError exception instead of a compile
+ warning.
+ . Uncaught exceptions now go through "clean shutdown", which means that
+ destructors will be called after an uncaught exception.
+ . Compile time fatal error "Only variables can be passed by reference" has
+ been delayed until runtime and converted to "Cannot pass parameter by
+ reference" exception.
+ . Some "Only variables should be passed by reference" notices have been
+ converted to "Cannot pass parameter by reference" exception.
+ . The generated name for anonymous classes has changed. It will now include
+ the name of the first parent or interface:
+
+ new class extends ParentClass {};
+ // -> ParentClass@anonymous
+ new class implements FirstInterface, SecondInterface {};
+ // -> FirstInterface@anonymous
+ new class {};
+ // -> class@anonymous
+
+ The name shown above is still followed by a null byte and and a unique
+ suffix.
+ . Non-absolute trait method references in trait alias adaptations are now
+ required to be unambiguous:
+
+ class X {
+ use T1, T2 {
+ func as otherFunc;
+ }
+ function func() {}
+ }
+
+ If both T1::func() and T2::func() exist, this code was previously silently
+ accepted, and func as assumed to refer to T1::func. Now it will generate a
+ fatal error instead, and either T1::func or T2::func needs to be written
+ explicitly.
+ . The signature of abstract methods defined in traits is now checked against
+ the implementing class method:
+
+ trait MyTrait {
+ abstract private function neededByTrait(): string;
+ }
+
+ class MyClass {
+ use MyTrait;
+
+ // Error, because of return type mismatch.
+ private function neededByTrait(): int { return 42; }
+ }
+
+ RFC: https://wiki.php.net/rfc/abstract_trait_method_validation
+ . Disabled functions are now treated exactly like non-existent functions.
+ Calling a disabled function will report it as unknown, and redefining a
+ disabled function is now possible.
+ . data: stream wrappers are no longer writable, which matches the documented
+ behavior.
+ . The arithmetic and bitwise operators
+ +, -, *, /, **, %, <<, >>, &, |, ^, ~, ++, --
+ will now consistently throw a TypeError when one of the operands is an
+ array, resource or non-overloaded object. The only exception to this is the
+ array + array merge operation, which remains supported.
+ RFC: https://wiki.php.net/rfc/arithmetic_operator_type_checks
+ . Float to string casting will now always behave locale-independently.
+ RFC: https://wiki.php.net/rfc/locale_independent_float_to_string
+ . Removed support for deprecated curly braces for offset access
+ RFC: https://wiki.php.net/rfc/deprecate_curly_braces_array_access
+ . Applying the final modifier on a private method will now produce a warning
+ unless that method is the constructor.
+ RFC: https://wiki.php.net/rfc/inheritance_private_methods
+ . If an object constructor exit()s, the object destructor will no longer be
+ called. This matches the behavior when the constructor throws.
+ . Non-strict comparisons between numbers and non-numeric strings now work by
+ casting the number to string and comparing the strings. Comparisons between
+ numbers and numeric strings continue to work as before. Notably, this means
+ that `0 == "not-a-number"` is considered false now.
+ RFC: https://wiki.php.net/rfc/string_to_number_comparison
+ . Namespaced names can no longer contain whitespace: While `Foo\Bar` will be
+ recognized as a namespaced name, `Foo \ Bar` will not. Conversely, reserved
+ keywords are now permitted as namespace segments.
+ RFC: https://wiki.php.net/rfc/namespaced_names_as_token
+ . Nested ternaries now require explicit parentheses.
+ RFC: https://wiki.php.net/rfc/ternary_associativity
+ . debug_backtrace() and Exception::getTrace() will no longer provide
+ references to arguments. It will not be possible to change function
+ arguments through the backtrace.
+ . Numeric string handling has been altered to be more intuitive and less
+ error-prone. Trailing whitespace is now allowed in numeric strings for
+ consistency with how leading whitespace is treated. This mostly affects:
+ - The is_numeric() function
+ - String-to-string comparisons
+ - Type declarations
+ - Increment and decrement operations
+ The concept of a "leading-numeric string" has been mostly dropped; the
+ cases where this remains exist in order to ease migration. Strings which
+ emitted an E_NOTICE "A non well-formed numeric value encountered" will now
+ emit an E_WARNING "A non-numeric value encountered" and all strings which
+ emitted an E_WARNING "A non-numeric value encountered" will now throw a
+ TypeError. This mostly affects:
+ - Arithmetic operations
+ - Bitwise operations
+ This E_WARNING to TypeError change also affects the E_WARNING
+ "Illegal string offset 'string'" for illegal string offsets. The behavior
+ of explicit casts to int/float from strings has not been changed.
+ RFC: https://wiki.php.net/rfc/saner-numeric-strings
+ . Magic Methods will now have their arguments and return types checked if
+ they have them declared. The signatures should match the following list:
+
+ __call(string $name, array $arguments): mixed
+ __callStatic(string $name, array $arguments): mixed
+ __clone(): void
+ __debugInfo(): ?array
+ __get(string $name): mixed
+ __invoke(mixed $arguments): mixed
+ __isset(string $name): bool
+ __serialize(): array
+ __set(string $name, mixed $value): void
+ __set_state(array $properties): object
+ __sleep(): array
+ __unserialize(array $data): void
+ __unset(string $name): void
+ __wakeup(): void
+
+ RFC: https://wiki.php.net/rfc/magic-methods-signature
+
+- COM:
+ . Removed the ability to import case-insensitive constants from type
+ libraries. The second argument to com_load_typelib() may no longer be false;
+ com.autoregister_casesensitive may no longer be disabled; case-insensitive
+ markers in com.typelib_file are ignored.
+
+- Curl:
+ . CURLOPT_POSTFIELDS no longer accepts objects as arrays. To interpret an
+ object as an array, perform an explicit (array) cast. The same applies to
+ other options accepting arrays as well.
+
+- Date:
+ . mktime() and gmmktime() now require at least one argument. time() can be
+ used to get the current timestamp.
+
+- dom:
+ . Remove unimplemented classes from ext/dom that had no behavior and contained
+ test data. These classes have also been removed in the latest version of DOM
+ standard:
+
+ * DOMNameList
+ * DomImplementationList
+ * DOMConfiguration
+ * DomError
+ * DomErrorHandler
+ * DOMImplementationSource
+ * DOMLocator
+ * DOMUserDataHandler
+ * DOMTypeInfo
+
+- Enchant:
+ . enchant_broker_list_dicts(), enchant_broker_describe() and
+ enchant_dict_suggest() will now return an empty array instead of null.
+ . enchant_broker_init() will now return an EnchantBroker object rather than
+ a resource. Return value checks using is_resource() should be replaced with
+ checks for `false`.
+ . enchant_broker_request_dict() and enchant_broker_request_pwl_dict() will now
+ return an EnchantDictionary object rather than a resource. Return value
+ checks using is_resource() should be replaced with checks for `false`.
+
+- Exif:
+ . Removed read_exif_data(). exif_read_data() should be used instead.
+
+- Filter:
+ . The FILTER_FLAG_SCHEME_REQUIRED and FILTER_FLAG_HOST_REQUIRED flags for the
+ FILTER_VALIDATE_URL filter have been removed. The scheme and host are (and
+ have been) always required.
+ . The INPUT_REQUEST and INPUT_SESSION source for filter_input() etc have been
+ removed. These were never implemented and their use always generated a
+ warning.
+
+- GD:
+ . The GD extension now uses objects as the underlying data structure for
+ images, rather than resources. These objects are completely opaque, i.e.
+ they don't have any methods.
+ . The deprecated function image2wbmp() has been removed.
+ RFC: https://wiki.php.net/rfc/image2wbmp
+ . The deprecated functions png2wbmp() and jpeg2wbmp() have been removed.
+ RFC: https://wiki.php.net/rfc/deprecate-png-jpeg-2wbmp
+ . The default $mode parameter of imagecropauto() no longer accepts -1.
+ IMG_CROP_DEFAULT should be used instead.
+
+- GMP:
+ . gmp_random() has been removed. One of gmp_random_range() or
+ gmp_random_bits() should be used instead.
+
+- Iconv:
+ . iconv() implementations which do not properly set errno in case of errors
+ are no longer supported.
+
+- Intl:
+ . The deprecated constant INTL_IDNA_VARIANT_2003 has been removed.
+ RFC: https://wiki.php.net/rfc/deprecate-and-remove-intl_idna_variant_2003
+ . The deprecated Normalizer::NONE constant has been removed.
+ . The IntlDateFormatter::RELATIVE_FULL, IntlDateFormatter::RELATIVE_LONG,
+ IntlDateFormatter::RELATIVE_MEDIUM, and IntlDateFormatter::RELATIVE_SHORT
+ constants have been added.
+
+- LDAP:
+ . The deprecated function ldap_sort has been removed.
+ . The interface of ldap_set_rebind_proc has changed; the $callback parameter
+ does not accept empty string anymore; null value shall be used instead.
+
+- Mbstring:
+ . The mbstring.func_overload directive has been removed. The related
+ MB_OVERLOAD_MAIL, MB_OVERLOAD_STRING, and MB_OVERLOAD_REGEX constants have
+ also been removed. Finally, the "func_overload" and "func_overload_list"
+ entries in mb_get_info() have been removed.
+ . mb_parse_str() can no longer be used without specifying a result array.
+ . A number of deprecated mbregex aliases have been removed. See the following
+ list for which functions should be used instead:
+
+ * mbregex_encoding() -> mb_regex_encoding()
+ * mbereg() -> mb_ereg()
+ * mberegi() -> mb_eregi()
+ * mbereg_replace() -> mb_ereg_replace()
+ * mberegi_replace() -> mb_eregi_replace()
+ * mbsplit() -> mb_split()
+ * mbereg_match() -> mb_ereg_match()
+ * mbereg_search() -> mb_ereg_search()
+ * mbereg_search_pos() -> mb_ereg_search_pos()
+ * mbereg_search_regs() -> mb_ereg_search_regs()
+ * mbereg_search_init() -> mb_ereg_search_init()
+ * mbereg_search_getregs() -> mb_ereg_search_getregs()
+ * mbereg_search_getpos() -> mb_ereg_search_getpos()
+ * mbereg_search_setpos() -> mb_ereg_search_setpos()
+
+ . The 'e' modifier for mb_ereg_replace() has been removed.
+ mb_ereg_replace_callback() should be used instead.
+ . A non-string pattern argument to mb_ereg_replace() will now be interpreted
+ as a string instead of an ASCII codepoint. The previous behavior may be
+ restored with an explicit call to chr().
+ . The needle argument for mb_strpos(), mb_strrpos(), mb_stripos(),
+ mb_strripos(), mb_strstr(), mb_stristr(), mb_strrchr() and mb_strrichr() can
+ now be empty.
+ . The $is_hex parameter, which was not used internally, has been removed from
+ mb_decode_numericentity().
+ . The legacy behavior of passing the encoding as the third argument instead
+ of an offset for the mb_strrpos() function has been removed; provide an
+ explicit 0 offset with the encoding as the fourth argument instead.
+ . The ISO_8859-* character encoding aliases have been replaced by ISO8859-*
+ aliases for better interoperability with the iconv extension. The mbregex
+ ISO 8859 aliases with underscores (ISO_8859_* and ISO8859_*) have also been
+ removed.
+
+- OCI8:
+ . Several alias functions have been marked as deprecated.
+ . oci_internal_debug() and its alias ociinternaldebug() have been removed.
+
+- OpenSSL:
+ . openssl_x509_read() and openssl_csr_sign() will now return an
+ OpenSSLCertificate object rather than a resource. Return value checks using
+ is_resource() should be replaced with checks for `false`.
+ . The openssl_x509_free() function is deprecated and no longer has an effect,
+ instead the OpenSSLCertificate instance is automatically destroyed if it is no
+ longer referenced.
+ . openssl_csr_new() will now return an OpenSSLCertificateSigningRequest object
+ rather than a resource. Return value checks using is_resource() should be
+ replaced with checks for `false`.
+ . openssl_pkey_new() will now return an OpenSSLAsymmetricKey object rather than a
+ resource. Return value checks using is_resource() should be replaced with
+ checks for `false`.
+ . The openssl_pkey_free() function is deprecated and no longer has an effect,
+ instead the OpenSSLAsymmetricKey instance is automatically destroyed if it is no
+ longer referenced.
+
+- PCRE:
+ . When passing invalid escape sequences they are no longer interpreted as
+ literals. This behavior previously required the X modifier - which is
+ now ignored.
+
+- PDO:
+ . The default error handling mode has been changed from "silent" to
+ "exceptions". See https://www.php.net/manual/en/pdo.error-handling.php
+ for details of behavior changes and how to explicitly set this attribute.
+ RFC: https://wiki.php.net/rfc/pdo_default_errmode
+ . The signatures of some PDO methods have changed:
+
+ PDO::query(
+ string $statement, ?int $fetch_mode = null, ...$fetch_mode_args)
+ PDOStatement::setFetchMode(int $mode, ...$params)
+
+- PDO_ODBC:
+ . The php.ini directive pdo_odbc.db2_instance_name has been removed
+
+- Phar:
+ . Metadata associated with a phar will no longer be automatically unserialized,
+ to fix potential security vulnerabilities due to object instantiation, autoloading, etc.
+ RFC: https://wiki.php.net/rfc/phar_stop_autoloading_metadata
+
+- Reflection:
+ . The method signatures
+
+ ReflectionClass::newInstance($args)
+ ReflectionFunction::invoke($args)
+ ReflectionMethod::invoke($object, $args)
+
+ have been changed to:
+
+ ReflectionClass::newInstance(...$args)
+ ReflectionFunction::invoke(...$args)
+ ReflectionMethod::invoke($object, ...$args)
+
+ Code that must be compatible with both PHP 7 and PHP 8 can use the following
+ signatures to be compatible with both versions:
+
+ ReflectionClass::newInstance($arg = null, ...$args)
+ ReflectionFunction::invoke($arg = null, ...$args)
+ ReflectionMethod::invoke($object, $arg = null, ...$args)
+
+ . The ReflectionType::__toString() method will now return a complete debug
+ representation of the type, and is no longer deprecated. In particular the
+ result will include a nullability indicator for nullable types. The format
+ of the return value is not stable and may change between PHP versions.
+ . Reflection export() methods have been removed.
+ . The following methods can now return information about default values of
+ parameters of internal functions:
+ ReflectionParameter::isDefaultValueAvailable()
+ ReflectionParameter::getDefaultValue()
+ ReflectionParameter::isDefaultValueConstant()
+ ReflectionParameter::getDefaultValueConstantName()
+ . ReflectionMethod::isConstructor() and ReflectionMethod::isDestructor() now
+ also return true for `__construct` and `__destruct` methods of interfaces.
+ Previously, this would only be true for methods of classes and traits.
+ . ReflectionType::isBuiltin() method has been moved to ReflectionNamedType.
+ ReflectionUnionType does not have it.
+
+- Sockets:
+ . The deprecated AI_IDN_ALLOW_UNASSIGNED and AI_IDN_USE_STD3_ASCII_RULES
+ flags for socket_addrinfo_lookup() have been removed.
+ . socket_create(), socket_create_listen(), socket_accept(),
+ socket_import_stream(), socket_addrinfo_connect(), socket_addrinfo_bind(),
+ and socket_wsaprotocol_info_import() will now return a Socket object rather
+ than a resource. Return value checks using is_resource() should be replaced
+ with checks for `false`.
+ . socket_addrinfo_lookup() will now return an array of AddressInfo objects
+ rather than resources.
+
+- SPL:
+ . SplFileObject::fgetss() has been removed.
+ . SplHeap::compare($a, $b) now specifies a method signature. Inheriting
+ classes implementing this method will now have to use a compatible
+ method signature.
+ . SplDoublyLinkedList::push() now returns void instead of true
+ . SplDoublyLinkedList::unshift() now returns void instead of true
+ . SplQueue::enqueue() now returns void instead of true
+ . spl_autoload_register() will now always throw a TypeError on invalid
+ arguments, therefore the second argument $do_throw is ignored and a
+ notice will be emitted if it is set to false.
+
+- Standard:
+ . assert() will no longer evaluate string arguments, instead they will be
+ treated like any other argument. assert($a == $b) should be used instead of
+ assert('$a == $b'). The assert.quiet_eval ini directive and
+ ASSERT_QUIET_EVAL constants have also been removed, as they would no longer
+ have any effect.
+ . parse_str() can no longer be used without specifying a result array.
+ . fgetss() has been removed.
+ . The string.strip_tags filter has been removed.
+ . The needle argument of strpos(), strrpos(), stripos(), strripos(), strstr(),
+ strchr(), strrchr(), and stristr() will now always be interpreted as a
+ string. Previously non-string needles were interpreted as an ASCII code
+ point. An explicit call to chr() can be used to restore the previous
+ behavior.
+ . The needle argument for strpos(), strrpos(), stripos(), strripos(),
+ strstr(), stristr() and strrchr() can now be empty.
+ . The length argument for substr(), substr_count(), substr_compare(), and
+ iconv_substr() can now be null. Null values will behave as if no length
+ argument was provided and will therefore return the remainder of the string
+ instead of an empty string.
+ . The length argument for array_splice() can now be null. Null values will
+ behave identically to omitting the argument, thus removing everything from
+ the 'offset' to the end of the array.
+ . The args argument of vsprintf(), vfprintf(), and vprintf() must now be an
+ array. Previously any type was accepted.
+ . The 'salt' option of password_hash() is no longer supported. If the 'salt'
+ option is used a warning is generated, the provided salt is ignored, and a
+ generated salt is used instead.
+ . The quotemeta() function will now return an empty string if an empty string
+ was passed. Previously false was returned.
+ . hebrevc() has been removed.
+ . convert_cyr_string() has been removed.
+ . money_format() has been removed.
+ . ezmlm_hash() has been removed.
+ . restore_include_path() has been removed.
+ . get_magic_quotes_gpc() and get_magic_quotes_gpc_runtime() has been removed.
+ . FILTER_SANITIZE_MAGIC_QUOTES has been removed.
+ . Calling implode() with parameters in a reverse order ($pieces, $glue) is no
+ longer supported.
+ . parse_url() will now distinguish absent and empty queries and fragments:
+
+ http://example.com/foo => query = null, fragment = null
+ http://example.com/foo? => query = "", fragment = null
+ http://example.com/foo# => query = null, fragment = ""
+ http://example.com/foo?# => query = "", fragment = ""
+
+ Previously all cases resulted in query and fragment being null.
+ . var_dump() and debug_zval_dump() will now print floating-point numbers
+ using serialize_precision rather than precision. In a default configuration,
+ this means that floating-point numbers are now printed with full accuracy
+ by these debugging functions.
+ . If the array returned by __sleep() contains non-existing properties, these
+ are now silently ignored. Previously, such properties would have been
+ serialized as if they had the value NULL.
+ . The default locale on startup is now always "C". No locales are inherited
+ from the environment by default. Previously, LC_ALL was set to "C", while
+ LC_CTYPE was inherited from the environment. However, some functions did not
+ respect the inherited locale without an explicit setlocale() call. An
+ explicit setlocale() call is now always required if you wish to change any
+ locale component from the default.
+ . Removed deprecated DES fallback in crypt(). If an unknown salt format is
+ passed to crypt(), the function will fail with *0 instead of falling back
+ to a weak DES hash now.
+ . Specifying out of range rounds for sha256/sha526 crypt() will now fail with
+ *0 instead of clamping to the closest limit. This matches glibc behavior.
+ . The result of sorting functions may have changed, if the array contains
+ elements that compare as equal.
+ . Sort comparison functions that return true or false will now throw a
+ deprecation warning, and should be replaced with an implementation
+ that returns an integer less than, equal to, or greater than zero.
+
+ // Replace
+ usort($array, fn($a, $b) => $a > $b);
+ // With
+ usort($array, fn($a, $b) => $a <=> $b);
+
+ . Any functions accepting callbacks that are not explicitly specified to
+ accept parameters by reference will now warn if a callback with reference
+ parameters is used. Examples include array_filter() and array_reduce().
+ This was already the case for most, but not all, functions previously.
+ . The HTTP stream wrapper as used by functions like file_get_contents()
+ now advertises HTTP/1.1 rather than HTTP/1.0 by default. This does not
+ change the behavior of the client, but may cause servers to respond
+ differently. To retain the old behavior, set the 'protocol_version'
+ stream context option, e.g.
+
+ $ctx = stream_context_create(['http' => ['protocol_version' => '1.0']]);
+ echo file_get_contents('http://example.org', false, $ctx);
+
+- Sysvmsg:
+ . msg_get_queue() will now return an SysvMessageQueue object rather than a
+ resource. Return value checks using is_resource() should be replaced with
+ checks for `false`.
+
+- Sysvsem:
+ . sem_get() will now return an SysvSemaphore object rather than a resource.
+ Return value checks using is_resource() should be replaced with checks
+ for `false`.
+
+- Sysvshm:
+ . shm_attach() will now return an SysvSharedMemory object rather than a resource.
+ Return value checks using is_resource() should be replaced with checks
+ for `false`.
+
+- tidy:
+ . The $use_include_path parameter, which was not used internally, has been
+ removed from tidy_repair_string().
+
+- Tokenizer:
+ . T_COMMENT tokens will no longer include a trailing newline. The newline will
+ instead be part of a following T_WHITESPACE token. It should be noted that
+ T_COMMENT is not always followed by whitespace, it may also be followed by
+ T_CLOSE_TAG or end-of-file.
+ . Namespaced names are now represented using the T_NAME_QUALIFIED (Foo\Bar),
+ T_NAME_FULLY_QUALIFIED (\Foo\Bar) and T_NAME_RELATIVE (namespace\Foo\Bar)
+ tokens. T_NS_SEPARATOR is only used for standalone namespace separators,
+ and only syntactially valid in conjunction with group use declarations.
+ RFC: https://wiki.php.net/rfc/namespaced_names_as_token
+
+- XML:
+ . xml_parser_create(_ns) will now return an XmlParser object rather than a
+ resource. Return value checks using is_resource() should be replaced with
+ checks for `false`. The xml_parser_free() function no longer has an effect,
+ instead the XmlParser instance is automatically destroyed if it is no longer
+ referenced.
+
+- XMLWriter:
+ . The XMLWriter functions now accept and return, respectively, XMLWriter
+ objects instead of resources.
+
+- Zip:
+ . ZipArchive::OPSYS_Z_CPM has been removed (this name was a typo). Use
+ ZipArchive::OPSYS_CPM instead.
+
+- Zlib:
+ . gzgetss() has been removed.
+ . inflate_init() will now return an InflateContext object rather than a
+ resource. Return value checks using is_resource() should be replaced with
+ checks for `false`.
+ . deflate_init() will now return a DeflateContext object rather than a
+ resource. Return value checks using is_resource() should be replaced with
+ checks for `false`.
+
========================================
2. New Features
========================================
+- Core:
+ . Added support for union types.
+ RFC: https://wiki.php.net/rfc/union_types_v2
+ . Added WeakMap.
+ RFC: https://wiki.php.net/rfc/weak_maps
+ . Added ValueError class.
+ . Any number of function parameters may now be replaced by a variadic
+ argument, as long as the types are compatible. For example, the following
+ code is now allowed:
+
+ class A {
+ public function method(int $many, string $parameters, $here) {}
+ }
+ class B extends A {
+ public function method(...$everything) {}
+ }
+ . "static" (as in "late static binding") can now be used as a return type:
+
+ class Test {
+ public function create(): static {
+ return new static();
+ }
+ }
+
+ RFC: https://wiki.php.net/rfc/static_return_type
+ . It is now possible to fetch the class name of an object using
+ `$object::class`. The result is the same as `get_class($object)`.
+ RFC: https://wiki.php.net/rfc/class_name_literal_on_object
+ . New and instanceof can now be used with arbitrary expressions, using
+ `new (expression)(...$args)` and `$obj instanceof (expression)`.
+ RFC: https://wiki.php.net/rfc/variable_syntax_tweaks
+ . Some consistency fixes to variable syntax have been applied, for example
+ writing `Foo::BAR::$baz` is now allowed.
+ RFC: https://wiki.php.net/rfc/variable_syntax_tweaks
+ . Added Stringable interface, which is automatically implemented if a class
+ defines a __toString() method.
+ RFC: https://wiki.php.net/rfc/stringable
+ . Traits can now define abstract private methods.
+ RFC: https://wiki.php.net/rfc/abstract_trait_method_validation
+ . `throw` can now be used as an expression.
+ RFC: https://wiki.php.net/rfc/throw_expression
+ . An optional trailing comma is now allowed in parameter lists.
+ RFC: https://wiki.php.net/rfc/trailing_comma_in_parameter_list
+ . It is now possible to write `catch (Exception)` to catch an exception
+ without storing it in a variable.
+ RFC: https://wiki.php.net/rfc/non-capturing_catches
+ . Added support for mixed type
+ RFC: https://wiki.php.net/rfc/mixed_type_v2
+ . Added support for Attributes
+ RFC: https://wiki.php.net/rfc/attributes_v2
+ RFC: https://wiki.php.net/rfc/attribute_amendments
+ RFC: https://wiki.php.net/rfc/shorter_attribute_syntax
+ . Added support for constructor property promotion (declaring properties in
+ the constructor signature).
+ RFC: https://wiki.php.net/rfc/constructor_promotion
+ . Added support for `match` expression.
+ RFC: https://wiki.php.net/rfc/match_expression_v2
+ . Private methods declared on a parent class no longer enforce any
+ inheritance rules on the methods of a child class. (with the exception of
+ final private constructors)
+ RFC: https://wiki.php.net/rfc/inheritance_private_methods
+ . Added support for nullsafe operator (`?->`).
+ RFC: https://wiki.php.net/rfc/nullsafe_operator
+ . Added support for named arguments.
+ RFC: https://wiki.php.net/rfc/named_params
+
+- Date:
+ . Added DateTime::createFromInterface() and
+ DateTimeImmutable::createFromInterface().
+ . Added the DateTime format specifier "p" which is the same as "P" but
+ returning "Z" for UTC.
+
+- Dom:
+ . Introduce DOMParentNode and DOMChildNode with new traversal and
+ manipulation APIs.
+ RFC: https://wiki.php.net/rfc/dom_living_standard_api
+
+- Enchant:
+ . enchant_dict_add()
+ . enchant_dict_is_added()
+ . LIBENCHANT_VERSION macro
+
+- FPM:
+ . Added a new option pm.status_listen that allows getting status from
+ different endpoint (e.g. port or UDS file) which is useful for getting
+ status when all children are busy with serving long running requests.
+
+- Hash:
+ . HashContext objects can now be serialized.
+
+- Opcache:
+ . If the opcache.record_warnings ini setting is enabled, opcache will record
+ compile-time warnings and replay them on the next include, even if it is
+ served from cache.
+
+- OpenSSL:
+ . Added Cryptographic Message Syntax (CMS) (RFC 5652) support composed of
+ functions for encryption, decryption, signing, verifying and reading. The
+ API is similar to the API for PKCS #7 functions with an addition of new
+ encoding constants: OPENSSL_ENCODING_DER, OPENSSL_ENCODING_SMIME and
+ OPENSSL_ENCODING_PEM.
+
+- Standard:
+ . printf() and friends now support the %h and %H format specifiers. These
+ are the same as %g and %G, but always use "." as the decimal separator,
+ rather than determining it through the LC_NUMERIC locale.
+ . printf() and friends now support using "*" as width or precision, in which
+ case the width/precision is passed as an argument to printf. This also
+ allows using precision -1 with %g, %G, %h and %H. For example, the following
+ code can be used to reproduce PHP's default floating point formatting:
+
+ printf("%.*H", (int) ini_get("precision"), $float);
+ printf("%.*H", (int) ini_get("serialize_precision"), $float);
+
+ . proc_open() now supports pseudo-terminal (PTY) descriptors. The following
+ attaches stdin, stdout and stderr to the same PTY:
+
+ $proc = proc_open($command, [['pty'], ['pty'], ['pty']], $pipes);
+
+ . proc_open() now supports socket pair descriptors. The following attaches
+ a distinct socket pair to stdin, stdout and stderr:
+
+ $proc = proc_open(
+ $command, [['socket'], ['socket'], ['socket']], $pipes);
+
+ Unlike pipes, sockets do not suffer from blocking I/O issues on Windows.
+ However, not all programs may work correctly with stdio sockets.
+ . Sorting functions are now stable, which means that equal-comparing elements
+ will retain their original order.
+ RFC: https://wiki.php.net/rfc/stable_sorting
+
+- Zip:
+ . Extension updated to version 1.19.0
+ . New ZipArchive::lastId property to get index value of last added entry.
+ . Error can be checked after an archive is closed using ZipArchive::status,
+ ZipArchive::statusSys properties or ZipArchive::getStatusString() method.
+ . The remove_path option of ZipArchive::addGlob() and ::addPattern() is now
+ treated as arbitrary string prefix (for consistency with the add_path
+ option), whereas formerly it was treated as directory name.
+ . Optional compression / encryption features are listed in phpinfo.
+
========================================
3. Changes in SAPI modules
========================================
+- Apache:
+ . The PHP module has been renamed from php7_module to php_module.
+
+- CGI and FPM will now use CONTEXT_DOCUMENT_ROOT to scan for .user.ini files,
+ if it is defined. Otherwise, DOCUMENT_ROOT will be used as before. This
+ improves support for Apache mod_userdir and mod_alias.
+
========================================
4. Deprecated Functionality
========================================
+- Core:
+ . Declaring a required parameter after an optional one is deprecated. As an
+ exception, declaring a parameter of the form "Type $param = null" before
+ a required one continues to be allowed, because this pattern was sometimes
+ used to achieve nullable types in older PHP versions.
+
+ function test($a = [], $b) {} // Deprecated
+ function test(Foo $a = null, $b) {} // Allowed
+ . Calling get_defined_functions() with $exclude_disabled explicitly set to
+ false is deprecated. get_defined_functions() will never include disabled
+ functions.
+
+- Enchant:
+ . enchant_broker_set_dict_path and enchant_broker_get_dict_path
+ not available in libenchant < 1.5 nor in libenchant-2
+ . enchant_dict_add_to_personal, use enchant_dict_add instead
+ . enchant_dict_is_in_session, use enchant_dict_is_added instead
+ . enchant_broker_free and enchant_broker_free_dict, unset the object instead
+ . ENCHANT_MYSPELL and ENCHANT_ISPELL constants
+
+- LibXML:
+ . libxml_disable_entity_loader() has been deprecated. As libxml 2.9.0 is now
+ required, external entity loading is guaranteed to be disabled by default,
+ and this function is no longer needed to protect against XXE attacks.
+
+- PGSQL / PDO PGSQL:
+ . The constant PG_VERSION_STR has now the same value as PG_VERSION, and thus
+ is deprecated.
+
+- Zip:
+ . Using empty file as ZipArchive is deprecated. Libzip 1.6.0
+ do not accept empty files as valid zip archives any longer.
+ Existing workaround will be removed in next version.
+ . The procedural API of Zip is deprecated. Use ZipArchive instead.
+
+- Reflection:
+ . ReflectionFunction::isDisabled() is deprecated, as it is no longer possible
+ to create a ReflectionFunction for a disabled function. This method now
+ always returns false.
+ . ReflectionParameter::getClass(), ReflectionParameter::isArray(), and
+ ReflectionParameter::isCallable() are deprecated.
+ ReflectionParameter::getType() and the ReflectionType APIs should be used
+ instead.
+
========================================
5. Changed Functions
========================================
+- Reflection:
+ . ReflectionClass::getConstants and ReflectionClass::getReflectionConstants results
+ can be now filtered via a new parameter `$filter`. 3 new constants were added to
+ be used with it:
+
+ ReflectionClassConstant::IS_PUBLIC
+ ReflectionClassConstant::IS_PROTECTED
+ ReflectionClassConstant::IS_PRIVATE
+
+- Zip
+ . ZipArchive::addGlob and ZipArchive::addPattern methods accept more
+ values in the "options" array argument:
+ . flags
+ . comp_method
+ . comp_flags
+ . env_method
+ . enc_password
+ . ZipArchive::addEmptyDir, ZipArchive::addFile and aZipArchive::addFromString
+ methods have a new "flags" argument. This allows managing name encoding
+ (ZipArchive::FL_ENC_*) and entry replacement (ZipArchive::FL_OVERWRITE)
+ . ZipArchive::extractTo now restore file modification time.
+
========================================
6. New Functions
========================================
+- Core:
+ . Added get_resource_id($resource) function, which returns the same value as
+ (int) $resource. It provides the same functionality under a clearer API.
+
+- LDAP:
+ . Added ldap_count_references(), which returns the number of reference
+ messages in a search result.
+
+- OpenSSL:
+ . Added openssl_cms_encrypt() encrypts the message in the file with the
+ certificates and outputs the result to the supplied file.
+ . Added openssl_cms_decrypt() that decrypts the S/MIME message in the file
+ and outputs the results to the supplied file.
+ . Added openssl_cms_read() that exports the CMS file to an array of PEM
+ certificates.
+ . Added openssl_cms_sign() that signs the MIME message in the file with
+ a cert and key and output the result to the supplied file.
+ . Added openssl_cms_verify() that verifies that the data block is intact,
+ the signer is who they say they are, and returns the certs of the signers.
+
+- PCRE:
+ . Added preg_last_error_msg(), which returns a human-readable message for
+ the last PCRE error. It complements preg_last_error(), which returns an
+ integer enum instead.
+
+- SQLite3:
+ . Add SQLite3::setAuthorizer() and respective class constants to set a
+ userland callback that will be used to authorize or not an action on the
+ database.
+ PR: https://github.com/php/php-src/pull/4797
+
+- Standard:
+ . Added
+
+ str_contains(string $haystack, string $needle): bool
+ str_starts_with(string $haystack, string $needle): bool
+ str_ends_with(string $haystack, string $needle): bool
+
+ functions, which check whether $haystack contains, starts with or ends with
+ $needle.
+ RFC: https://wiki.php.net/rfc/str_contains
+ RFC: https://wiki.php.net/rfc/add_str_starts_with_and_ends_with_functions
+ . Added fdiv() function, which performs a floating-point division under
+ IEEE 754 semantics. Division by zero is considered well-defined and
+ will return one of Inf, -Inf or NaN.
+ . Added get_debug_type() function, which returns a type useful for error
+ messages. Unlike gettype(), it uses canonical type names, returns class
+ names for objects, and indicates the resource type for resources.
+ RFC: https://wiki.php.net/rfc/get_debug_type
+
+- Zip:
+ . ZipArchive::setMtimeName and ZipArchive::setMtimeIndex to set the
+ modification time of an entry.
+ . ZipArchive::setProgressCallback to provide updates during archive close.
+ . ZipArchive::setCancelCallback to allow cancellation during archive close.
+ . ZipArchive::replaceFile to replace an entry content.
+ . ZipArchive::isCompressionMethodSupported to check optional compression
+ features.
+ . ZipArchive::isEncryptionMethodSupported to check optional encryption
+ features.
+
========================================
7. New Classes and Interfaces
========================================
+- Tokenizer:
+ . The new PhpToken class adds an object-based interface to the tokenizer.
+ It provides a more uniform and ergonomic representation, while being more
+ memory efficient and faster.
+ RFC: https://wiki.php.net/rfc/token_as_object
+
========================================
8. Removed Extensions and SAPIs
========================================
+- XML-RPC:
+ . The xmlrpc extension has been unbundled and moved to PECL.
+ RFC: https://wiki.php.net/rfc/unbundle_xmlprc
+
========================================
9. Other Changes to Extensions
========================================
+- CURL:
+ . The CURL extension now requires at least libcurl 7.29.0.
+ . curl_init() will now return a CurlHandle object rather than a resource.
+ Return value checks using is_resource() should be replaced with
+ checks for `false`. The curl_close() function no longer has an effect,
+ instead the CurlHandle instance is automatically destroyed if it is no
+ longer referenced.
+ . curl_multi_init() will now return a CurlMultiHandle object rather than a
+ resource. Return value checks using is_resource() should be replaced with
+ checks for `false`. The curl_multi_close() function no longer has an effect,
+ instead the CurlMultiHandle instance is automatically destroyed if it is no
+ longer referenced.
+ . curl_share_init() will now return a CurlShareHandle object rather than a
+ resource. Return value checks using is_resource() should be replaced with
+ checks for `false`. The curl_share_close() function no longer has an effect,
+ instead the CurlShareHandle instance is automatically destroyed if it is no
+ longer referenced.
+ . The deprecated parameter `$version` of curl_version() has been removed.
+
+- Date:
+ . DatePeriod now implements IteratorAggregate (instead of Traversable).
+
+- DOM:
+ . DOMNamedNodeMap now implements IteratorAggregate (instead of Traversable).
+ . DOMNodeList now implements IteratorAggregate (instead of Traversable).
+
+- Intl:
+ . IntlBreakIterator now implements IteratorAggregate (instead of Traversable).
+ . ResourceBundle now implements IteratorAggregate (instead of Traversable).
+
+- Enchant:
+ . The enchant extension now uses libenchant-2 by default when available.
+ libenchant version 1 is still supported but is deprecated and could
+ be removed in the future.
+
+- GD:
+ . The $num_points parameter of imagepolygon(), imageopenpolygon() and
+ imagefilledpolygon() is now optional, i.e. these functions may be called
+ with either 3 or 4 arguments. If the arguments is omitted, it is calculated
+ as count($points)/2.
+ . The function imagegetinterpolation() to get the current interpolation method
+ has been added.
+
+- JSON:
+ . The JSON extension cannot be disabled anymore and is always an integral part
+ of any PHP build, similar to the date extension.
+
+- MBString:
+ . The Unicode data tables have been updated to version 13.0.0.
+
+- PDO:
+ . PDOStatement now implements IteratorAggregate (instead of Traversable).
+
+- LibXML:
+ . The minimum required libxml version is now 2.9.0. This means that external
+ entity loading is now guaranteed to be disabled by default, and no extra
+ steps need to be taken to protect against XXE attacks.
+
+- MySQLi / PDO MySQL:
+ . When mysqlnd is not used (which is the default and recommended option),
+ the minimum supported libmysqlclient version is now 5.1.
+ . mysqli_result now implements IteratorAggregate (instead of Traversable).
+
+- PGSQL / PDO PGSQL:
+ . The PGSQL and PDO PGSQL extensions now require at least libpq 9.1.
+
+- Readline:
+ . Calling readline_completion_function() before the interactive prompt starts
+ (e.g. in auto_prepend_file) will now override the default interactive prompt
+ completion function. Previously, readline_completion_function() only worked
+ when called after starting the interactive prompt.
+
+- SimpleXML:
+ . SimpleXMLElement now implements RecursiveIterator and absorbed the
+ functionality of SimpleXMLIterator. SimpleXMLIterator is an empty extension
+ of SimpleXMLElement.
+
+- Shmop:
+ . shmop_open() will now return a Shmop object rather than a resource. Return
+ value checks using is_resource() should be replaced with checks for `false`.
+ The shmop_close() function no longer has an effect, and is deprecated;
+ instead the Shmop instance is automatically destroyed if it is no longer
+ referenced.
+
========================================
10. New Global Constants
========================================
+- Filter:
+ . FILTER_VALIDATE_BOOL has been added as an alias for FILTER_VALIDATE_BOOLEAN.
+ The new name is preferred, as it uses the canonical type name.
+
========================================
11. Changes to INI File Handling
========================================
+- zend.exception_string_param_max_len
+ . New INI directive to set the maximum string length in an argument of a
+ stringified stack strace.
+
========================================
12. Windows Support
========================================
+- Standard:
+ . Program execution functions (proc_open(), exec(), popen() etc.) using the
+ shell now consistently execute `%comspec% /s /c "$commandline"`, which has
+ the same effect as executing `$commandline` (without additional quotes).
+
+- GD:
+ . php_gd2.dll has been renamed to php_gd.dll.
+
+- php-test-pack:
+ . The test runner has been renamed from run-test.php to run-tests.php, to
+ match its name in php-src.
+
========================================
13. Other Changes
========================================
+- EBCDIC targets are no longer supported, though it's unlikely that they were
+ still working in the first place.
+
========================================
14. Performance Improvements
========================================
+
+- A Just-In-Time (JIT) compiler has been added to the opcache extension.
+- array_slice() on an array without gaps will no longer scan the whole array to
+ find the start offset. This may significantly reduce the runtime of the
+ function with large offsets and small lengths.
+- strtolower() now uses a SIMD implementation when using the "C" LC_CTYPE
+ locale (which is the default).