summaryrefslogtreecommitdiff
path: root/UPGRADING
blob: 0bcdae197143563be5a09bfbd9abe380971f68df (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
PHP 7.4 UPGRADE NOTES

1. Backward Incompatible Changes
2. New Features
3. Changes in SAPI modules
4. Deprecated Functionality
5. Changed Functions
6. New Functions
7. New Classes and Interfaces
8. Removed Extensions and SAPIs
9. Other Changes to Extensions
10. New Global Constants
11. Changes to INI File Handling
12. Windows Support
13. Migration to pkg-config
14. Other Changes
15. Performance Improvements


========================================
1. Backward Incompatible Changes
========================================

- Core:
  . get_declared_classes() no longer returns anonymous classes that haven't
    been instantiated yet.

- Curl:
  . Attempting to serialize a CURLFile class will now generate an exception.
    Previously the exception was only thrown on unserialization.

- Date:
  . Calling var_dump() or similar on a DateTime(Immutable) instance will no
    longer leave behind accessible properties on the object.
  . Comparison of DateInterval objects (using ==, < and so on) will now generate
    a warning and always return false. Previously all DateInterval objects were
    considered equal, unless they had properties.

- Intl:
  . The default parameter value of idn_to_ascii() and idn_to_utf8() is now
    INTL_IDNA_VARIANT_UTS46 instead of the deprecated INTL_IDNA_VARIANT_2003.

- MySQLi:
  . The embedded server functionality has been removed. It was broken since
    at least PHP 7.0.

- Openssl:
  . The openssl_random_pseudo_bytes() function will now throw an exception in
    error situations, similar to random_bytes(). In particular, an Error is
    thrown if the number of requested bytes is smaller *or equal* than zero,
    and an Exception is thrown is sufficient randomness cannot be gathered.
    The $crypto_strong output argument is guaranteed to always be true if the
    function does not throw, so explicitly checking it is not necessary.
    RFC: http://php.net/manual/de/function.openssl-random-pseudo-bytes.php

- PCRE:
  . When PREG_UNMATCHED_AS_NULL mode is used, trailing unmatched capturing
    groups will now also be set to null (or [null, -1] if offset capture is
    enabled). This means that the size of the $matches will always be the same.

- PEAR:
  . Installation of PEAR (including PECL) is no longer enabled by default. It
    can be explicitly enabled using --with-pear. This option is deprecated and
    may be removed in the future.

- PDO:
  . Attempting to serialize a PDO or PDOStatement instance will now generate
    an Exception rather than a PDOException, consistent with other internal
    classes which do not support serialization.

- Reflection:
  . Reflection objects will now generate an exception if an attempt is made
    to serialize them. Serialization for reflection objects was never
    supported and resulted in corrupted reflection objects. It has been
    explicitly prohibited now.

- SPL:
  . Calling get_object_vars() on an ArrayObject instance will now always return
    the properties of the ArrayObject itself (or a subclass). Previously it
    returned the values of the wrapped array/object unless the STD_PROP_LIST
    flag was specified. Other affected operations are:

     * ReflectionObject::getProperties()
     * reset(), current(), etc. Use Iterator methods instead.
     * Potentially others working on object properties as a list.

    (array) casts are *not* affected. They will continue to return either the
    wrapped array, or the ArrayObject properties, depending on whether the
    STD_PROP_LIST flag is used.
  . SplPriorityQueue::setExtractFlags() will throw an exception if zero is
    passed. Previously this would generate a recoverable fatal error on the
    next extraction operation.
  . ArrayObject, ArrayIterator, SplDoublyLinkedList and SplObjectStorage now
    support the __serialize() + __unserialize() mechanism in addition to the
    Serializable interface. This means that serialization payloads created on
    older PHP versions can still be unserialized, but new payloads created by
    PHP 7.4 will not be understood by older versions.

- Standard:
  . The "o" serialization format has been removed. As it is never produced by
    PHP, this may only break unserialization of manually crafted strings.

========================================
2. New Features
========================================

- Core:
  . Added support for typed properties. For example:

        class User {
            public int $id;
            public string $name;
        }

    This will enforce that $user->id can only be assigned integer and
    $user->name can only be assigned strings. For more information see the
    RFC: https://wiki.php.net/rfc/typed_properties_v2

  . Added support for coalesce assign (??=) operator. For example:

        $array['key'] ??= computeDefault();
        // is roughly equivalent to
        if (!isset($array['key'])) {
            $array['key'] = computeDefault();
        }

    RFC: https://wiki.php.net/rfc/null_coalesce_equal_operator

  . Support for WeakReferences has been added.
    RFC: https://wiki.php.net/rfc/weakrefs

- Filter:
  . The FILTER_VALIDATE_FLOAT filter now supports the min_range and max_range
    options, with the same semantics as FILTER_VALIDATE_INT.

- FFI:
  . A new extension which provides a simple way to call native functions, access
    native variables and create/access data structures defined in C libraries.
    RFC: https://wiki.php.net/rfc/ffi

- Hash:
  . Added "crc32c" hash using Castagnoli's polynomial. This crc32 variant is
    used by storage systems, such as iSCSI, SCTP, Btrfs and ext4.

- Mbstring:
  . Added mb_str_split() function, which provide the same functionality as
    str_split(), but operating on code points rather than bytes.
    RFC: https://wiki.php.net/rfc/mb_str_split

- OPcache:
  . Support for preloading code has been added.
    RFC: https://wiki.php.net/rfc/preload

- PCRE:
  . The preg_replace_callback() and preg_replace_callback_array() functions now
    accept an additional $flags argument, with support for the
    PREG_OFFSET_CAPTURE and PREG_UNMATCHED_AS_NULL flags. This influences the
    format of the matches array passed to to the callback function.

- PDO_OCI:
  . PDOStatement::getColumnMeta() is now available

- PDO_SQLite:
  . PDOStatement::getAttribute(PDO::SQLITE_ATTR_READONLY_STATEMENT) allows to
    check whether this statement is read-only, i.e. whether it doesn't modify
    the database.

- Standard:
  . strip_tags() now also accepts an array of allowed tags: Instead of
    strip_tags($str, '<a><p>') you can now write strip_tags($str, ['a', 'p']).

  . A new mechanism for custom object serialization has been added, which
    uses two new magic methods:

        // Returns array containing all the necessary state of the object.
        public function __serialize(): array;

        // Restores the object state from the given data array.
        public function __unserialize(array $data): void;

    The new serialization mechanism supersedes the Serializable interface,
    which will be deprecated in the future.

    RFC: https://wiki.php.net/rfc/custom_object_serialization

========================================
3. Changes in SAPI modules
========================================

========================================
4. Deprecated Functionality
========================================

- Core:
  . Unbinding $this of a non-static method through a combination of
    ReflectionMethod::getClosure() and closure rebinding is deprecated. Doing
    so is equivalent to calling a non-static method statically, which has been
    deprecated since PHP 7.0.

- COM:
  . Importing type libraries with case-insensitive constant registering has been
    deprecated.

- Mbstring:
  . Passing a non-string pattern to mb_ereg_replace() is deprecated. Currently
    non-string patterns are interpreted as ASCII codepoints. In PHP 8 the
    pattern will be interpreted as a string instead.

- LDAP:
  . ldap_control_paged_result_response and ldap_control_paged_result are
    deprecated. Pagination controls can be sent along with ldap_search instead.

========================================
5. Changed Functions
========================================

- SPL:
  . SplFileObject::fputcsv(), ::fgetcsv() and ::setCsvControl() now accept an
    empty string as $escape argument, which disables the propriertary PHP
    escaping mechanism. SplFileObject::getCsvControl() now may also return an
    empty string for the third array element, accordingly.

- Standard:
  . fputcsv() and fgetcsv() now accept an empty string as $escape argument,
    which disables the propriertary PHP escaping mechanism. The behavior of
    str_getcsv() has been adjusted accordingly (formerly, an empty string was
    identical to using the default).
  . proc_open() on Windows can be passed a "create_process_group" option. It
    is required, if the child process is supposed to handle CTRL events.

========================================
6. New Functions
========================================

- OpenSSL:
  . Added openssl_x509_verify(mixed cert, mixed key) function that verifies the
    signature of the certificate using a public key. A wrapper around the
    OpenSSL's X509_verify() function.
    See <https://github.com/php/php-src/pull/3624>.

- Pcntl:
  . Added bool pcntl_unshare(int flags) function which allows to dissociate
    parts of the process execution context which are currently being shared with
    other processes. Explicitly, it allows you to unshare the mount, IPC, UTS,
    network, PID, user and cgroup namespaces.

- SQLite3:
  . Added SQLite3Stmt::getSQL() to retrieve the SQL of the statement. If TRUE is
    passed as parameter, query parameters will be replaced in the return value
    by their currently bound value, if libsqlite ≥ 3.14 is used.

- Standard
  . bool sapi_windows_set_ctrl_handler(callable handler, [, bool add = true]) -
    set or remove a handler function upon receiving a CTRL event. The handler
    function is expected have a signature "function handler(int $event)".
  . bool sapi_windows_generate_ctrl_event(int type, int pid) - send a CTRL event
    to another process.

========================================
7. New Classes and Interfaces
========================================

- Reflection:
  . A new ReflectionReference class has been added, which allows detecting
    references and comparing them for identity. For more details see the RFC:
    https://wiki.php.net/rfc/reference_reflection

========================================
8. Removed Extensions and SAPIs
========================================

========================================
9. Other Changes to Extensions
========================================

- GD:
  . The behavior of imagecropauto() in the bundled libgd has been synced with
    that of system libgd:
     * IMG_CROP_DEFAULT is no longer falling back to IMG_CROP_SIDES
     * Threshold-cropping now uses the algorithm of system libgd
  . The default $mode parameter of imagecropauto() has been changed to
    IMG_CROP_DEFAULT; passing -1 is now deprecated.
  . imagescale() now supports aspect ratio preserving scaling to a fixed height
    by passing -1 as $new_width.

- Filter:
  . The filter extension no longer exposes --with-pcre-dir for Unix builds and
    can now reliably be built as shared when using ./configure once more.

- Hash:
  . The hash extension cannot be disabled anymore and is always an integral
    part of any PHP build, similar to the date extension.

- Intl:
  . The Intl extension now requires at least ICU 50.1.

- Libxml:
  . All libxml based extensions now require libxml 2.7.6 or newer.

- Mbstring:
  . The oniguruma library is no longer bundled with PHP, instead libonig needs
    to be available on the system. Alternatively --disable-mbregex can be used
    to disable the mbregex component.

- OPcache:
  . The --disable-opcache-file|--enable-opcache-file configure options have been
    removed in favor of the opcache.file_cache INI directive.

- Reflection:
  . Numeric value of class, property, function and constant modifiers was
    changed. Don't filter methods and properties through
    ReflectionClass::getMethods() and ReflectionClass::getProperties(), or test
    results of Reflection...::getModifiers(), using hard-coded numeric values.
    Use corresponding constants instead (e.g. ReflectionMethod::IS_PUBLIC).

- SQLite3:
  . The bundled libsqlite has been removed.  To build the SQLite3 extension
    a system libsqlite3 ≥ 3.7.4 is now required. To build the PDO_SQLite
    extension a system libsqlite3 ≥ 3.5.0 is now required.
  . (Un)serialization of SQLite3, SQLite3Stmt and SQLite3Result is now explicitly
    forbidden. Formerly, serialization of instances of these classes was
    possible, but unserialization yielded unusable objects.
  . The @param notation can now also be used to denote SQL query parameters.

- WDDX:
  . The WDDX extension has been deprecated and moved to PECL.

- Zip:
  . The bundled libzip library has been removed. A system libzip >= 0.11 is now
    necessary to build the extension.

========================================
10. New Global Constants
========================================

- Mbstring:
  . MB_ONIGURUMA_VERSION specifies the version of the oniguruma library against
    which mbregex has been built.

- Socket:
  . Added FreeBSD-specific socket options:
  . SO_LABEL
  . SO_PEERLABEL
  . SO_LISTENQLIMIT
  . SO_LISTENQLEN
  . SO_USER_COOKIE

- Standard:
  . PHP_WINDOWS_EVENT_CTRL_C
  . PHP_WINDOWS_EVENT_CTRL_BREAK

- Tidy:
  . TIDY_TAG_ARTICLE
  . TIDY_TAG_ASIDE
  . TIDY_TAG_AUDIO
  . TIDY_TAG_BDI
  . TIDY_TAG_CANVAS
  . TIDY_TAG_COMMAND
  . TIDY_TAG_DATALIST
  . TIDY_TAG_DETAILS
  . TIDY_TAG_DIALOG
  . TIDY_TAG_FIGCAPTION
  . TIDY_TAG_FIGURE
  . TIDY_TAG_FOOTER
  . TIDY_TAG_HEADER
  . TIDY_TAG_HGROUP
  . TIDY_TAG_MAIN
  . TIDY_TAG_MARK
  . TIDY_TAG_MENUITEM
  . TIDY_TAG_METER
  . TIDY_TAG_NAV
  . TIDY_TAG_OUTPUT
  . TIDY_TAG_PROGRESS
  . TIDY_TAG_SECTION
  . TIDY_TAG_SOURCE
  . TIDY_TAG_SUMMARY
  . TIDY_TAG_TEMPLATE
  . TIDY_TAG_TIME
  . TIDY_TAG_TRACK
  . TIDY_TAG_VIDEO

========================================
11. Changes to INI File Handling
========================================

========================================
12. Windows Support
========================================

- stat:
  . The stat implementation has been refactored.
    - An inode number is delivered and is based on the NTFS file index.
    - The device number is now based on the volume serial number.

  Note, that both values derived from the system and provided as is on 64-bit
  systems. On 32-bit system, these values might overflow the 32-bit integer in
  PHP, so they're a fake.

- CTRL+C and CTRL+BREAK on console can be caught by setting a handler function
  with sapi_windows_set_ctrl_handler().

========================================
13. Migration to pkg-config
========================================

A number of extensions have been migrated to exclusively use pkg-config for
the detection of library dependencies. Generally, this means that instead of
using --with-foo-dir=DIR or similar only --with-foo is used. Custom library
paths can be specified either by adding additional directories to
PKG_CONFIG_PATH or by explicitly specifying compilation options through
FOO_CFLAGS and FOO_LIBS.

The following extensions are affected:

- Curl:
  . --with-curl no longer accepts a directory.

- IMAP:
  . --with-kerberos no longer accepts a directory.

- Intl:
  . --with-icu-dir has been removed. If --enable-intl is passed, then libicu is
    always required.

- Mbstring:
  . --with-onig has been removed. Unless --disable-mbregex has been passed,
    libonig is required.

- OpenSSL:
  . --with-openssl no longer accepts a directory.
  . --with-kerberos no longer accepts a directory.

- PCRE:
  . --with-pcre-regex has been removed. Instead --with-external-pcre is provided
    to opt into using an external PCRE library, rather than the bundled one.

- Readline:
  . --with-libedit no longer accepts a directory.

- GD:
  . --with-gd becomes --enable-gd (whether to enable the extension at all) and
    --with-external-gd (to opt into using an external libgd, rather than the
    bundled one).
  . --with-png-dir has been removed. libpng is required.
  . --with-zlib-dir has been removed. zlib is required.
  . --with-freetype-dir becomes --with-freetype.
  . --with-jpeg-dir becomes --with-jpeg.
  . --with-webp-dir becomes --with-webp.
  . --with-xpm-dir becomes --with-xpm.

- Libxml:
  . --with-libxml-dir has been removed.
  . --enable-libxml becomes --with-libxml.

========================================
14. Other Changes
========================================

========================================
15. Performance Improvements
========================================

- Core:
  . A specialized VM opcode for the array_key_exists() function has been added,
    which improves performance of this function if it can be statically
    resolved. In namespaced code, this may require writing \array_key_exists()
    or explicitly importing the function.

- PCRE:
  . When preg_match() in UTF-8 mode ("u" modifier) is repeatedly called on the
    same string (but possibly different offsets), it will only be checked for
    UTF-8 validity once.