rfc:deprecations_php_7_2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
rfc:deprecations_php_7_2 [2016/11/07 21:13] nikicrfc:deprecations_php_7_2 [2017/01/15 14:14] nikic
Line 19: Line 19:
   * ''parse_str()'' without second argument   * ''parse_str()'' without second argument
   * ''gmp_random()''   * ''gmp_random()''
-  * ''(binary)'' cast and ''%%b""%%'' literals 
   * ''each()''   * ''each()''
   * ''assert()'' with string argument   * ''assert()'' with string argument
Line 81: Line 80:
  
 Proposed action: Mark the function as deprecated, thus issuing a deprecation notice on every call. Proposed action: Mark the function as deprecated, thus issuing a deprecation notice on every call.
- 
-==== (binary) cast and b"" literals ==== 
- 
-The binary cast and binary string literals were originally introduced as forward-compatibility features for PHP 6. Currently they behave identically to ordinary (string) casts and ordinary string literals. Given that PHP 6 has been dead for years and it is unlikely that it will be resurrected in the same form, it is time to remove these forward-compatibility tokens. 
- 
-Proposed action: Throw a compile-time deprecation whenever binary casts or binary string literals are used. 
  
 ==== each() ==== ==== each() ====
Line 111: Line 104:
 This behavior of ''assert()'' makes it easy to introduce subtle remote code execution vulnerabilities. Using ''assert($value)'' to check if a value is truthy opens an RCE vulnerability if there is any chance for ''$value'' to be a string. This behavior of ''assert()'' makes it easy to introduce subtle remote code execution vulnerabilities. Using ''assert($value)'' to check if a value is truthy opens an RCE vulnerability if there is any chance for ''$value'' to be a string.
  
-Proposed action: Throw a deprecation notice if ''assert()'' is used with a string argument.+Proposed action: Throw a deprecation notice if ''assert()'' is used with a string argument. The deprecation notice is only thrown if assertions are enabled (both zend.assertions and assert.active must be enabled).
  
 ==== $errcontext argument of error handler ==== ==== $errcontext argument of error handler ====
Line 118: Line 111:
  
 This functionality is problematic for optimization, because the ''$errcontext'' can be used to modify all references and objects in the current scope. As far as I am aware, this functionality is barely used and the trade-off here is not worthwhile. If people wish to inspect the variable-state at the point of an error, they should use a proper debugger. This functionality is problematic for optimization, because the ''$errcontext'' can be used to modify all references and objects in the current scope. As far as I am aware, this functionality is barely used and the trade-off here is not worthwhile. If people wish to inspect the variable-state at the point of an error, they should use a proper debugger.
 +
 +Note that the error context only contains the local variables at the error-site. The error backtrace, including ''$this'' and function arguments, will of course stay available through ''debug_backtrace()''.
  
 Proposed action: Throw deprecation notice if error handler has five or more arguments. Otherwise, do not pass the ''$errcontext''. This prevents circumvention with ''func_get_args()''. Proposed action: Throw deprecation notice if error handler has five or more arguments. Otherwise, do not pass the ''$errcontext''. This prevents circumvention with ''func_get_args()''.
 +
 +==== (binary) cast and b"" literals ====
 +
 +This deprecation has been extracted into a separate RFC: [[rfc/binary_string_deprecation|Binary String Deprecation RFC]]
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
Line 147: Line 146:
   * Second argument to ''spl_autoload''.   * Second argument to ''spl_autoload''.
   * The ticks mechanism, which is obsoleted by async signal handling.   * The ticks mechanism, which is obsoleted by async signal handling.
 +  * ''php_sapi_name'', ''phpversion'' and ''pi'': These functions return constant values corresponding to ''PHP_SAPI'', ''PHP_VERSION'' and ''M_PI''.
 +  * The ''(real)'' cast and ''is_real()'' functions. ''real'' is an alias for ''float''/''double'' which sees significantly less use than the other two variants.
  
 ===== Rejected deprecations ===== ===== Rejected deprecations =====
Line 157: Line 158:
  
 The motivations for removing this functionality are similar to those of ''$php_errormsg'', so it would seem reasonable to deprecate them at the same time. However, unlike ''$php_errormsg'' there exist no //simple// alternatives to ''$http_response_header''. The [[http://php.net/get_headers|get_headers]] function returns only the headers, but not the response body. Getting both requires, to my knowledge, a combination of ''fopen()'', ''stream_get_contents()'' and reading the ''wrapper_data'' from ''stream_get_meta_data()''. The motivations for removing this functionality are similar to those of ''$php_errormsg'', so it would seem reasonable to deprecate them at the same time. However, unlike ''$php_errormsg'' there exist no //simple// alternatives to ''$http_response_header''. The [[http://php.net/get_headers|get_headers]] function returns only the headers, but not the response body. Getting both requires, to my knowledge, a combination of ''fopen()'', ''stream_get_contents()'' and reading the ''wrapper_data'' from ''stream_get_meta_data()''.
- 
-===== Changelog ===== 
- 
-  * 2016-02-19: Added (unset) cast 
-  * 2016-02-19: Added mbstring.func_overload 
-  * 2016-02-18: Added getrandmax() 
rfc/deprecations_php_7_2.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1