rfc:deprecations_php_7_2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
rfc:deprecations_php_7_2 [2016/11/07 21:13]
nikic created
rfc:deprecations_php_7_2 [2017/08/12 18:36]
nikic
Line 2: Line 2:
   * Date: 2015-12-28   * Date: 2015-12-28
   * Author: Nikita Popov <nikic@php.net>   * Author: Nikita Popov <nikic@php.net>
-  * Status: Under Discussion +  * Status: Implemented (in PHP 7.2) 
-  * Discussion: http://markmail.org/message/axruwwohcjwxsjem+  * Discussion: http://markmail.org/message/gto22ob4scfbk7ql
   * Originally published under: https://wiki.php.net/rfc/deprecations_php_7_1   * Originally published under: https://wiki.php.net/rfc/deprecations_php_7_1
  
Line 19: Line 19:
   * ''parse_str()'' without second argument   * ''parse_str()'' without second argument
   * ''gmp_random()''   * ''gmp_random()''
-  * ''(binary)'' cast and ''%%b""%%'' literals 
   * ''each()''   * ''each()''
   * ''assert()'' with string argument   * ''assert()'' with string argument
Line 25: Line 24:
  
 ===== Proposal ===== ===== Proposal =====
 +
 +Each feature proposed for deprecation is voted separately. Each vote requires a 2/3 majority, independently of whether it is a language or standard library change. All votes refer to deprecation in PHP 7.2 and removal in the next major version (presumably PHP 8.0).
  
 ==== __autoload ==== ==== __autoload ====
Line 31: Line 32:
  
 Proposed action: A deprecation notice is thrown when a global function with name ''%%__autoload()%%'' is encountered during compilation. Proposed action: A deprecation notice is thrown when a global function with name ''%%__autoload()%%'' is encountered during compilation.
 +
 +<doodle title="Deprecate and subsequently remove __autoload" auth="nikic" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
  
 ==== $php_errormsg ==== ==== $php_errormsg ====
Line 39: Line 45:
  
 Proposed action: A deprecation notice is thrown if the ''track_errors'' ini setting is enabled. Proposed action: A deprecation notice is thrown if the ''track_errors'' ini setting is enabled.
 +
 +<doodle title="Deprecate and subsequently remove $php_errormsg" auth="nikic" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
  
 ==== create_function() ==== ==== create_function() ====
Line 47: Line 58:
  
 Proposed action: Mark the function as deprecated, thus issuing a deprecation notice on every call. Proposed action: Mark the function as deprecated, thus issuing a deprecation notice on every call.
 +
 +<doodle title="Deprecate and subsequently remove create_function()" auth="nikic" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
  
 ==== mbstring.func_overload ==== ==== mbstring.func_overload ====
Line 59: Line 75:
  
 Tracking bug: [[https://bugs.php.net/bug.php?id=65785|#65785]] Tracking bug: [[https://bugs.php.net/bug.php?id=65785|#65785]]
 +
 +<doodle title="Deprecate and subsequently remove mbstring.func_overload" auth="nikic" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
  
 ==== (unset) cast ==== ==== (unset) cast ====
Line 65: Line 86:
  
 Proposed action: Throw a deprecation notice if an ''(unset)'' cast is encountered by the compiler. No deprecation notice is thrown from the lexer or parser themselves (so that ''token_get_all'' continues working as is). Proposed action: Throw a deprecation notice if an ''(unset)'' cast is encountered by the compiler. No deprecation notice is thrown from the lexer or parser themselves (so that ''token_get_all'' continues working as is).
 +
 +<doodle title="Deprecate and subsequently remove (unset) cast" auth="nikic" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
  
 ==== parse_str() without second argument ==== ==== parse_str() without second argument ====
Line 73: Line 99:
  
 Proposed action: Throw a deprecation notice if the second argument of ''parse_str()'' is not used. Proposed action: Throw a deprecation notice if the second argument of ''parse_str()'' is not used.
 +
 +<doodle title="Deprecate and subsequently remove parse_str() without second argument" auth="nikic" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
  
 ==== gmp_random() ==== ==== gmp_random() ====
Line 82: Line 113:
 Proposed action: Mark the function as deprecated, thus issuing a deprecation notice on every call. Proposed action: Mark the function as deprecated, thus issuing a deprecation notice on every call.
  
-==== (binarycast and b"" literals ==== +<doodle title="Deprecate and subsequently remove gmp_random()" auth="nikic" voteType="single" closed="true"> 
- +   * Yes 
-The binary cast and binary string literals were originally introduced as forward-compatibility features for PHP 6. Currently they behave identically to ordinary (string) casts and ordinary string literals. Given that PHP 6 has been dead for years and it is unlikely that it will be resurrected in the same form, it is time to remove these forward-compatibility tokens. +   * No 
- +</doodle>
-Proposed action: Throw a compile-time deprecation whenever binary casts or binary string literals are used.+
  
 ==== each() ==== ==== each() ====
Line 102: Line 132:
  
 Proposed action: As ''each'' is typically called within loops, throwing a deprecation warning for every call is likely not advisable. Instead, throw a deprecation warning on the first call for any given request. Proposed action: As ''each'' is typically called within loops, throwing a deprecation warning for every call is likely not advisable. Instead, throw a deprecation warning on the first call for any given request.
 +
 +<doodle title="Deprecate and subsequently remove each()" auth="nikic" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
  
 ==== assert() with string argument ==== ==== assert() with string argument ====
Line 111: Line 146:
 This behavior of ''assert()'' makes it easy to introduce subtle remote code execution vulnerabilities. Using ''assert($value)'' to check if a value is truthy opens an RCE vulnerability if there is any chance for ''$value'' to be a string. This behavior of ''assert()'' makes it easy to introduce subtle remote code execution vulnerabilities. Using ''assert($value)'' to check if a value is truthy opens an RCE vulnerability if there is any chance for ''$value'' to be a string.
  
-Proposed action: Throw a deprecation notice if ''assert()'' is used with a string argument.+Proposed action: Throw a deprecation notice if ''assert()'' is used with a string argument. The deprecation notice is only thrown if assertions are enabled (both zend.assertions and assert.active must be enabled). 
 + 
 +<doodle title="Deprecate and subsequently remove assert() with string argument" auth="nikic" voteType="single" closed="true"> 
 +   * Yes 
 +   * No 
 +</doodle>
  
 ==== $errcontext argument of error handler ==== ==== $errcontext argument of error handler ====
Line 118: Line 158:
  
 This functionality is problematic for optimization, because the ''$errcontext'' can be used to modify all references and objects in the current scope. As far as I am aware, this functionality is barely used and the trade-off here is not worthwhile. If people wish to inspect the variable-state at the point of an error, they should use a proper debugger. This functionality is problematic for optimization, because the ''$errcontext'' can be used to modify all references and objects in the current scope. As far as I am aware, this functionality is barely used and the trade-off here is not worthwhile. If people wish to inspect the variable-state at the point of an error, they should use a proper debugger.
 +
 +Note that the error context only contains the local variables at the error-site. The error backtrace, including ''$this'' and function arguments, will of course stay available through ''debug_backtrace()''.
  
 Proposed action: Throw deprecation notice if error handler has five or more arguments. Otherwise, do not pass the ''$errcontext''. This prevents circumvention with ''func_get_args()''. Proposed action: Throw deprecation notice if error handler has five or more arguments. Otherwise, do not pass the ''$errcontext''. This prevents circumvention with ''func_get_args()''.
 +
 +**Update:** Due to technical issues, this does not throw a deprecation warning. It is a documentation-only deprecation.
 +
 +<doodle title="Deprecate and subsequently remove $errcontext argument of error handler" auth="nikic" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
 +
 +==== (binary) cast and b"" literals ====
 +
 +This deprecation has been extracted into a separate RFC: [[rfc/binary_string_deprecation|Binary String Deprecation RFC]]
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
  
-For PHP 7.additional deprecation notices will appear. For PHP 8.0 the previously deprecated functionality will no longer be available.+For PHP 7.additional deprecation notices will appear. For PHP 8.0 the previously deprecated functionality will no longer be available.
  
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
Line 147: Line 200:
   * Second argument to ''spl_autoload''.   * Second argument to ''spl_autoload''.
   * The ticks mechanism, which is obsoleted by async signal handling.   * The ticks mechanism, which is obsoleted by async signal handling.
 +  * ''php_sapi_name'', ''phpversion'' and ''pi'': These functions return constant values corresponding to ''PHP_SAPI'', ''PHP_VERSION'' and ''M_PI''.
 +  * The ''(real)'' cast and ''is_real()'' functions. ''real'' is an alias for ''float''/''double'' which sees significantly less use than the other two variants.
  
 ===== Rejected deprecations ===== ===== Rejected deprecations =====
Line 157: Line 212:
  
 The motivations for removing this functionality are similar to those of ''$php_errormsg'', so it would seem reasonable to deprecate them at the same time. However, unlike ''$php_errormsg'' there exist no //simple// alternatives to ''$http_response_header''. The [[http://php.net/get_headers|get_headers]] function returns only the headers, but not the response body. Getting both requires, to my knowledge, a combination of ''fopen()'', ''stream_get_contents()'' and reading the ''wrapper_data'' from ''stream_get_meta_data()''. The motivations for removing this functionality are similar to those of ''$php_errormsg'', so it would seem reasonable to deprecate them at the same time. However, unlike ''$php_errormsg'' there exist no //simple// alternatives to ''$http_response_header''. The [[http://php.net/get_headers|get_headers]] function returns only the headers, but not the response body. Getting both requires, to my knowledge, a combination of ''fopen()'', ''stream_get_contents()'' and reading the ''wrapper_data'' from ''stream_get_meta_data()''.
- 
-===== Changelog ===== 
- 
-  * 2016-02-19: Added (unset) cast 
-  * 2016-02-19: Added mbstring.func_overload 
-  * 2016-02-18: Added getrandmax() 
rfc/deprecations_php_7_2.txt · Last modified: 2017/09/22 13:28 (external edit)