rfc:deprecations_php_7_2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
Next revisionBoth sides next revision
rfc:deprecations_php_7_2 [2016/11/07 21:13] – created nikicrfc:deprecations_php_7_2 [2016/12/21 16:25] nikic
Line 111: Line 111:
 This behavior of ''assert()'' makes it easy to introduce subtle remote code execution vulnerabilities. Using ''assert($value)'' to check if a value is truthy opens an RCE vulnerability if there is any chance for ''$value'' to be a string. This behavior of ''assert()'' makes it easy to introduce subtle remote code execution vulnerabilities. Using ''assert($value)'' to check if a value is truthy opens an RCE vulnerability if there is any chance for ''$value'' to be a string.
  
-Proposed action: Throw a deprecation notice if ''assert()'' is used with a string argument.+Proposed action: Throw a deprecation notice if ''assert()'' is used with a string argument. The deprecation notice is only thrown if assertions are enabled (both zend.assertions and assert.active must be enabled).
  
 ==== $errcontext argument of error handler ==== ==== $errcontext argument of error handler ====
Line 118: Line 118:
  
 This functionality is problematic for optimization, because the ''$errcontext'' can be used to modify all references and objects in the current scope. As far as I am aware, this functionality is barely used and the trade-off here is not worthwhile. If people wish to inspect the variable-state at the point of an error, they should use a proper debugger. This functionality is problematic for optimization, because the ''$errcontext'' can be used to modify all references and objects in the current scope. As far as I am aware, this functionality is barely used and the trade-off here is not worthwhile. If people wish to inspect the variable-state at the point of an error, they should use a proper debugger.
 +
 +Note that the error context only contains the local variables at the error-site. The error backtrace, including ''$this'' and function arguments, will of course stay available through ''debug_backtrace()''.
  
 Proposed action: Throw deprecation notice if error handler has five or more arguments. Otherwise, do not pass the ''$errcontext''. This prevents circumvention with ''func_get_args()''. Proposed action: Throw deprecation notice if error handler has five or more arguments. Otherwise, do not pass the ''$errcontext''. This prevents circumvention with ''func_get_args()''.
Line 123: Line 125:
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
  
-For PHP 7.additional deprecation notices will appear. For PHP 8.0 the previously deprecated functionality will no longer be available.+For PHP 7.additional deprecation notices will appear. For PHP 8.0 the previously deprecated functionality will no longer be available.
  
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
Line 147: Line 149:
   * Second argument to ''spl_autoload''.   * Second argument to ''spl_autoload''.
   * The ticks mechanism, which is obsoleted by async signal handling.   * The ticks mechanism, which is obsoleted by async signal handling.
 +  * ''php_sapi_name'', ''phpversion'' and ''pi'': These functions return constant values corresponding to ''PHP_SAPI'', ''PHP_VERSION'' and ''M_PI''.
 +  * The ''(real)'' cast and ''is_real()'' functions. ''real'' is an alias for ''float''/''double'' which sees significantly less use than the other two variants.
  
 ===== Rejected deprecations ===== ===== Rejected deprecations =====
rfc/deprecations_php_7_2.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1

Page Tools