rfc:deprecations_php_7_1

Differences

This shows you the differences between two versions of the page.

rfc:deprecations_php_7_1 [2016/09/16 17:28] – add binary string literals and casts nikic
rfc:deprecations_php_7_1 [2016/10/29 16:21] nikic
Line 18: Line 18:
   * ''parse_str()'' without second argument   * ''parse_str()'' without second argument
   * ''gmp_random()''   * ''gmp_random()''
-  * ''(binary)'' cast and ''b""'' literals+  * ''(binary)'' cast and ''%%b""%%'' literals 
 +  * ''each()'' 
 +  * ''assert()'' with string argument 
 +  * ''$errcontext'' argument of error handler
  
 ===== Proposal ===== ===== Proposal =====
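
Review bot: The last added summary entry, "$errcontext argument of error handler", does not name the function it concerns, while most entries in this list do (parse_str(), gmp_random(), each(), assert()). Wording it as the $errcontext argument of handlers registered with set_error_handler() would match the section text added further down and make the list searchable by function name.
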
Line 83: Line 86:
  
 Proposed action: Throw a compile-time deprecation whenever binary casts or binary string literals are used. Proposed action: Throw a compile-time deprecation whenever binary casts or binary string literals are used.
 +
 +==== each() ====
 +
 +The ''each()'' function can be used to iterate over an array, similarly to using ''foreach''. On each call, it returns an array with the current key and value and advances the internal array pointer to the next position. The typical usage, as presented in the manual, is as follows:
 +
 +<code php>
 +reset($array);
 +while (list($key, $val) = each($array)) {
 +    echo "$key => $val\n";
 +}
 +</code>
 +
 +The ''each()'' function is inferior to ''foreach'' in pretty much every imaginable way, including being more than 10 times slower. The continued existence of this function poses a problem for certain language changes. For example the [[https://wiki.php.net/rfc/notice-for-non-valid-array-container]] RFC had to exclude ''list()'', because the typical usage of ''each'' relies on the fact that you can access array offsets on ''false'' without a warning.
 +
 +Proposed action: As ''each'' is typically called within loops, throwing a deprecation warning for every call is likely not advisable. Instead, throw a deprecation warning on the first call for any given request.
 +
 +==== assert() with string argument ====
 +
 +The ''assert()'' function has two modes of operation: If it is passed something other than a string, it will assert that the value is truthy. If a string is passed, it will be run through ''eval()'' and assert will check that the result of the ''eval()'' is truthy.
 +
 +The reason for this behavior is that prior to PHP 7 this was the only way to prevent the assertion expression from evaluating. As of PHP 7, the ''zend.assertions'' ini option can be used to avoid evaluation of assertion expressions. As such, there is no longer a need for supporting implicitly evaluated string arguments.
 +
 +This behavior of ''assert()'' makes it easy to introduce subtle remote code execution vulnerabilities. Using ''assert($value)'' to check if a value is truthy opens an RCE vulnerability if there is any chance for ''$value'' to be a string.
 +
 +Proposed action: Throw a deprecation notice if ''assert()'' is used with a string argument.
 +
 +==== $errcontext argument of error handler ====
 +
 +Error handlers set with ''set_error_handler()'' are passed an ''$errcontext'' as the last argument. This argument is an array containing all local variables at the point the error was generated.
 +
 +This functionality is problematic for optimization, because the ''$errcontext'' can be used to modify all references and objects in the current scope. As far as I am aware, this functionality is barely used and the trade-off here is not worthwhile. If people wish to inspect the variable-state at the point of an error, they should use a proper debugger.
 +
 +Proposed action: Throw deprecation notice if error handler has five or more arguments. Otherwise, do not pass the ''$errcontext''. This prevents circumvention with ''func_get_args()''.
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
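
Review bot: The proposed action in the assert() section, "Throw a deprecation notice if assert() is used with a string argument", does not say whether the string is still run through eval() during the deprecation period; if it is, the RCE case the section describes (assert($value) where $value may be a string) remains open and the notice only reports it. The text should state that the check is made at runtime on the argument's type rather than only for string literals, whether the notice is still raised when zend.assertions turns evaluation off, and that callers should pass the expression itself instead of a string. Separately, the each() section gives "more than 10 times slower" without a benchmark or reference, and the $errcontext action does not define how "five or more arguments" is counted for handlers with optional or variadic parameters.
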
Line 109: Line 145:
   * ''sizeof'', which is an alias of ''count''.   * ''sizeof'', which is an alias of ''count''.
   * Second argument to ''spl_autoload''.   * Second argument to ''spl_autoload''.
 +  * The ticks mechanism, which is obsoleted by async signal handling.
  
 ===== Rejected deprecations ===== ===== Rejected deprecations =====
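
Review bot: The added bullet "The ticks mechanism, which is obsoleted by async signal handling" gives a reason but no link or name for the change that provides async signal handling, so a reader cannot check the claim from this page. Add a reference to that change, and say whether uses of ticks other than signal handling are also considered covered, since the bullet reads as if signal handling were the only use.
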
rfc/deprecations_php_7_1.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1