summaryrefslogtreecommitdiff
path: root/UPGRADING
Commit message (Collapse)AuthorAgeFilesLines
...
* Add proper default values for optional arguments in IMAPGeorge Peter Banyard2020-09-221-0/+4
| | | | Closes GH-6179
* Return empty array for no rows in pg_fetch_all()Nikita Popov2020-09-211-0/+2
| | | | | This makes it line up with pg_fetch_all_columns(), as well as similar functions in other exts, such as mysqli_fetch_all().
* Deprecate pgsql function aliasesNikita Popov2020-09-211-0/+1
| | | | | These have been documentation-deprecated for a very long time, make it official.
* Drop support for libmysqlclient < 5.5Nikita Popov2020-09-171-1/+1
| | | | | Given how little maintenance the libmysqlclient driver sees, be more aggressive in dropping old version support here.
* Change int parameter types to bool when the parameter behaves as boolMáté Kocsis2020-09-171-0/+4
| | | | Closes GH-6148
* Remove deprecated pgsql signaturesNikita Popov2020-09-091-0/+3
| | | | As the comment indicates, these are deprecated in PHP 4.2...
* Remove deprecated multi-parameter form of pg_connect()Nikita Popov2020-09-091-0/+4
|
* Allow array_diff() and array_intersect() with single array argumentNikita Popov2020-09-091-0/+8
| | | | | | | | | | | | | | | | | | | Both of these functions are well-defined when used with a single array argument -- rejecting this case was an artificial limitation. This is not useful when called with explicit arguments, but removes edge-cases when used with argument unpacking: // OK even if $excludes is empty. array_diff($array, ...$excludes); // OK even if $arrays contains a single array only. array_intersect(...$arrays); This matches the behavior of functions like array_merge() and array_push(), which also allow calls with no array or a single array respectively. Closes GH-6097.
* Improve error messages mentioning parameters instead of argumentsMáté Kocsis2020-09-091-2/+2
| | | | Closes GH-5999
* Require $method parameter in openssl_seal/openssl_openNikita Popov2020-09-081-0/+2
| | | | | | | | RC4 is considered insecure, and it's not possible to change the default of these functions. As such, require the method to be passed explicitly. Closes GH-6093.
* Drop support for crypt() without explicit saltNikita Popov2020-09-071-0/+3
| | | | | | | crypt() without salt generates a weak $1$ MD5 hash. It has been throwing a notice since 2013 and we provide a much better alternative in password_hash() (which can auto-generate salts for strong password hashes), so keeping this is just a liability.
* Update NEWS, UPGRADINGBenjamin Eberlei2020-09-021-4/+5
|
* Fix #55847: DOTNET .NET 4.0 GAC new locationChristoph M. Becker2020-08-221-0/+4
| | | | | | | | | | | | | | | | | | | If we do not specify the exact version of the .NET framework to use, the default CLR is loaded, which is typically CLR 2, which is very old. Therefore, we introduce a `PHP_INI_SYSTEM` setting, which allows users to choose the desired .NET framework version. The value of the setting are the first three parts of the framework's version number, separated by dots, and prefixed with "v", e.g. "v4.0.30319". If the value of the INI setting is `NULL` (the default) or an empty string, the default CLR is used. Internally, we switch from the most generic `CoCreateInstance()` to `CorBindToRuntime()` which is implemented in mscoree.dll. To avoid the hard dependency to that library, we load dynamically. So this fix is supposed to be fully backwards compatible. Closes GH-5949
* OCI8 classes were already renamed in 8; this now follows the new-new standardChristopher Jones2020-08-211-0/+3
|
* Fix more basic function stubsTyson Andre2020-08-181-1/+1
| | | | | | | | | | | User-defined functions can't have multiple parameters with the same name. Don't do that for var_dump/debug_zval_dump. Consistently use array $array to match docs Fix typo in UPGRADING Fixes GH-6015
* Fix #79988: new reserved keyword `match` is a backward incompatible changeChristoph M. Becker2020-08-181-0/+1
|
* Expand upgrading note for namespaced name changeNikita Popov2020-08-101-1/+3
| | | | | | Mention the case from bug #79942. [ci skip]
* Revert "Prepare for PHP 8.1"Nikita Popov2020-08-041-1/+1005
| | | | | This reverts commit 1ab4d0e6b7abb67d5a01ce3327bf973772271fb2. This reverts commit a359635cb1a4df8b5137a506c88c4cb102acac0e.
* Prepare for PHP 8.1Gabriel Caruso2020-08-041-1005/+1
|
* Add upgrading note for the resource to object migration in ext/socketsMáté Kocsis2020-08-031-1/+8
|
* Minor grammar/consistency fixes in upgrade guideTheodore Brown2020-08-031-24/+23
| | | | [ci skip]
* Deprecate libxml_disable_entity_loader()Dik Takken2020-08-031-0/+5
| | | | | | | | | | This method was used to protect code against XXE processing attacks. Since PHP now requires libxml >= 2.9.0 external entity loading no longer needs to be disabled to prevent these attacks. It is disabled by default. Also, the method has an unwanted side effect that causes a lot of confusion: Parsing XML data from resources like files is no longer possible. Closes GH-5867.
* Bump libxml version requirement 2.7.6 => 2.9.0Dik Takken2020-08-031-0/+5
| | | | | | Since libxml version 2.9.0 external entity loading is disabled by default. Bumping the version requirement means that XML processing in PHP is no longer vulnerable to XXE processing attacks by default.
* FPM: Add pm.status_listen optionJakub Zelenka2020-08-031-0/+5
| | | | | | | | | | This option allows getting status from different endpoint (e.g. port or UDS file) which is useful for getting status when all children are busy with serving long running requests. Internally a new shared pool with ondemand process manager is used. It means that the status requests have reserved resources and should not be blocked by other requests.
* [RFC] Only unserialize Phar metadata when getMetadata() is calledTyson Andre2020-08-031-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In other words, don't automatically unserialize when the magic phar:// stream wrappers are used. RFC: https://wiki.php.net/rfc/phar_stop_autoloading_metadata Also, change the signature from `getMetadata()` to `getMetadata(array $unserialize_options = [])`. Start throwing earlier if setMetadata() is called and serialization threw. See https://externals.io/message/110856 and https://bugs.php.net/bug.php?id=76774 This was refactored to add a phar_metadata_tracker for the following reasons: - The way to properly copy a zval was previously implicit and undocumented (e.g. is it a pointer to a raw string or an actual value) - Avoid unnecessary serialization and unserialization in the most common case - If a metadata value is serialized once while saving a new/modified phar file, this allows reusing the same serialized string. - Have as few ways to copy/clone/lazily parse metadata (etc.) as possible, so that code changes can be limited to only a few places in the future. - Performance is hopefully not a concern - copying a string should be faster than unserializing a value, and metadata should be rare in most cases. Remove unnecessary skip in a test(Compression's unused) Add additional assertions about usage of persistent phars Improve robustness of `Phar*->setMetadata()` - Add sanity checks for edge cases freeing metadata, when destructors or serializers modify the phar recursively. - Typical use cases of php have phar.readonly=1 and would not be affected. Closes GH-5855
* Make http stream wrapper advertise HTTP/1.1 by defaultRowan Tommins2020-08-031-0/+8
| | | | | | | | | | In practice, we always act as an HTTP/1.1 client, for compatibility with servers which ignore protocol version. Sending the version in the request will avoid problems with servers which don't ignore it. HTTP/1.0 can still be forced using a stream context option. Closes GH-5899.
* Merge branch 'levim/assert-throw'Levi Morrison2020-08-031-0/+2
|\ | | | | | | | | This changes assert.exception to default to 1, or on by default. Closes GH-5925.
| * Default assert.exception to 1Levi Morrison2020-08-021-0/+2
| |
* | Promote "undefined array key" notice to warningNikita Popov2020-08-031-0/+1
| | | | | | | | | | | | | | This implements the last remaining part of the https://wiki.php.net/rfc/engine_warnings RFC. Closes GH-5927.
* | datetime: new format "p", same as "P" but returning "Z" for UTCGregor Harlan2020-08-031-0/+2
|/
* Ensure correct signatures for magic methodsGabriel Caruso2020-08-021-0/+20
|
* [skip ci] Fix grammar/typo nits in docsTyson Andre2020-08-011-2/+2
| | | | | | The PHP error message says "well-formed", not "well formed" Fixes GH-5920
* Convert resources to objects in ext/opensslMáté Kocsis2020-08-011-0/+17
| | | | | | Closes GH-5860 Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
* Allow overriding completion in `auto_prepend_file`Tyson Andre2020-08-011-0/+6
| | | | | | | | | | | | | | | | | | | Currently, it's possible to override `php -a`s completion functionality to provide an alternative to the C implementation, with `readline_completion_function()`. However, that surprisingly gets overridden when called from `auto_prepend_file`, because those scripts get run before the interactive shell is started. I believe that not overriding it would be more consistent with what happens when you override the completion function **after** the interactive shell. CLI is the only built-in API that uses this (See discussion in GH-5872). I believe MINIT and RINIT will only run once when invoked with `php -a`. Add documentation about the architecture of how php uses readline/libedit Closes GH-5872
* Implement named parametersNikita Popov2020-07-311-0/+2
| | | | | | | | | | | | | | | | | | From an engine perspective, named parameters mainly add three concepts: * The SEND_* opcodes now accept a CONST op2, which is the argument name. For now, it is looked up by linear scan and runtime cached. * This may leave UNDEF arguments on the stack. To avoid having to deal with them in other places, a CHECK_UNDEF_ARGS opcode is used to either replace them with defaults, or error. * For variadic functions, EX(extra_named_params) are collected and need to be freed based on ZEND_CALL_HAS_EXTRA_NAMED_PARAMS. RFC: https://wiki.php.net/rfc/named_params Closes GH-5357.
* Improve wording and spelling consistency in UPGRADINGTheodore Brown2020-07-291-16/+14
| | | | [ci skip]
* Implement 'Saner Numeric Strings' RFC:George Peter Banyard2020-07-291-0/+21
| | | | | | | | | | | | | | | | | RFC: https://wiki.php.net/rfc/saner-numeric-strings This removes the -1 allow_error mode from is_numeric_string functions and replaces it by a trailing boolean out argument to preserve BC in a couple of places. Most of the changes can be resumed to "numeric" strings which emitted a E_NOTICE now emit a E_WARNING and "numeric" strings which emitted a E_WARNING now throw a TypeError. This mostly affects: - String offsets - Arithmetic operations - Bitwise operations Closes GH-5762
* Implement Shorter Attribute SyntaxTheodore Brown2020-07-281-0/+5
| | | | | | | | RFC: https://wiki.php.net/rfc/shorter_attribute_syntax Closes GH-5796. Co-authored-by: Martin Schröder <m.schroeder2007@gmail.com>
* [skip ci] Add zend.exception_string_param_max_len to UPGRADINGTyson Andre2020-07-271-0/+4
| | | | For GH-5769 (mentioned in 07db64156e180c30daa5ab5d41ed72f9bba77e6d)
* Fix bug #79108Nikita Popov2020-07-241-0/+3
| | | | | | | | | | Don't expose references in debug_backtrace() or exception traces. This is regardless of whether the argument is by-reference or not. As a side-effect of this change, exception traces may now acquire the interior value of a reference, which may be unexpected for some internal functions. This is what necessitated the change in the spl_array sort implementation.
* Avoid UNKNOWN default in PDO::query()Nikita Popov2020-07-241-2/+4
|
* Make nested ternary without parentheses a compile errorNikita Popov2020-07-241-0/+2
| | | | This was deprecated in PHP 7.4.
* Implement nullsafe ?-> operatorIlija Tovilo2020-07-241-0/+2
| | | | | | | | RFC: https://wiki.php.net/rfc/nullsafe_operator Closes GH-5619. Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
* Treat namespaced names as single tokenNikita Popov2020-07-221-0/+9
| | | | | | | | | Namespace names are now lexed as single tokens of type T_NAME_QUALIFIED, T_NAME_FULLY_QUALIFIED or T_NAME_RELATIVE. RFC: https://wiki.php.net/rfc/namespaced_names_as_token Closes GH-5827.
* Improved number to string comparison semanticsNikita Popov2020-07-221-0/+5
| | | | | | RFC: https://wiki.php.net/rfc/string_to_number_comparison Closes GH-3886.
* Fix bug #79857: Add upgrading note for exit dtor changeNikita Popov2020-07-201-0/+2
| | | | [ci skip]
* Ignore inheritance rules on private methodsPedro Magalhães2020-07-151-0/+7
| | | | Closes GH-5401
* Support socketpairs in proc_open()Martin Schröder2020-07-141-0/+8
| | | | Closes GH-5777.
* Add user upgrading note for no_separation changeNikita Popov2020-07-131-0/+5
| | | | | | | I added this to UPGRADING.INTERNALS, but it should also be mentioned in UPGRADING, as it affects user-visible behavior. [ci skip]
* Add upgrading note for crypt changeNikita Popov2020-07-131-0/+2
| | | | [ci skip]
View Lorry Controller Status