rfc:deprecations_php_7_4

PHP RFC: Deprecations for PHP 7.4

Introduction

This is a draft RFC for multiple deprecations targeting PHP 7.4. The RFC proposes to deprecate the listed functionality in PHP 7.4 and remove it in PHP 8.

The following list provides a short overview of the functionality targeted for deprecation, while more detailed explanation is provided in the Proposal section:

  • enable_dl php.ini directive
  • The 'real' type
  • The hebrev() & hebrevc() functions
  • Magic quotes legacy
  • __CLASS__ constant
  • get_called_class() function
  • array_key_exists() with objects
  • FILTER_SANITIZE_MAGIC_QUOTES filter
  • INPUT_SESSION & INPUT_REQUEST input types for the filter extension
  • apache_request_headers() function

The following are still Work-In-Progress and ideas:

  • Second parameter of spl_autoload() and its associated function spl_autoload_extensions()
  • convert_cyr_string()
  • allow_url_include ini directive
  • Unify parameter order for implode() to match explode()
  • Function variants that already exists as constants (e.g. php_sapi_name(), phpversion(), pi())
  • money_format()
  • var as an way to set a public property in a class

Proposal

Each feature proposed for deprecation is voted separately. Each vote requires a 2/3 majority, independently of whether it is a language or standard library change. All votes refer to depreciation in PHP 7.4 and removal in the next major version (presumably PHP 8.0).

enable_dl php.ini directive

The enable_dl php.ini directive controls whether or not the dl() function is available. However as of PHP 5.3, the dl() function was limited to the CLI and Embed SAPIs and between PHP 5.3.9 and 7.0.0, it was also available in the FPM SAPI.

This means that the enable_dl effectively has no greater meaning as it will never be available in a shared environment anyway, as any CLI user could easily bypass it anyway.

Proposal: Add a deprecation warning if enable_dl is non zero at start-up and when using CLI or Embed.

The 'real' type

Currently PHP has a float data type, with 2 additional aliases: double & real. The latter is very very rarely used and should be deprecated. This includes both the (real) type-cast and the is_real() function. Currently the settype() function does not support the 'real' string, so it is not affected.

Upgrading is relatively easy and can be done by replacing all (real) type-casts with (float) and all is_real() calls with is_float().

Proposal: Add a deprecation warning for each time the (real) type-cast is used and each time the is_real() function is called.

The hebrev() and hebrevc() functions

The hebrev() and hebrevc() functions are functions that helped make websites hebrew before browsers properly supported RTL, by simply converting the nature of RTL to LTR writing for easier display on websites. All modern browsers nowadays properly support unicode and RTL text direction and therefore it seems reasonable to deprecate these functions.

The hebrevc() function is essentially the same as calling nl2br() on the result of a hebrev() call.

Proposal: Add a deprecation warning if either hebrev() or hebrevc() is called.

Magic quotes legacy

PHP's infamous magic_quotes configuration was removed in PHP 5.4 and the function implementations of checking whether or not these settings have been enabled have returned false since then. With PHP 7.0 not having magic_quotes at all, it is time to deprecate these functions and remove them entirely.

This should effectively only hit legacy code bases prior to PHP 5.4, which is running non supported versions of PHP.

Proposal: Add a deprecation warning if either get_magic_quotes_gpc() or get_magic_quotes_runtime() is called.

__CLASS__ constant

This constant is the old way of detecting current class name.

Since PHP 5.5, __CLASS__ is equivalent to self::class.

Proposal: Deprecate __CLASS__ constant in favor of self::class.

get_called_class() function

This function is the old way of detecting current class name during LSB.

Since PHP 5.5, using get_called_class() is equivalent to static::class.

Proposal: Deprecate get_called_class() in favor of static::class.

array_key_exists() with objects

For backward compatibility reasons, array_key_exists() also works with objects and in such case behaves as property_exists().

Documented as a behavior that should not be relied upon, any usages of array_key_exists() on objects should be migrated to property_exists().

Proposal: Deprecate behavior where array_key_exists() accepts objects.

FILTER_SANITIZE_MAGIC_QUOTES

Magic quotes were deprecated all the way back in PHP 5.3 and later removed in PHP 5.4. The filter extension implements a sanitization filter that mimics this behavior of magic_quotes by calling addslashes() on the input in question.

As of PHP 7.3, a new alias of this filter was added add_slashes (FILTER_SANITIZE_ADD_SLASHES) to help ease the migration and allow us to move away from the magic_quotes name as calling addslashes() can still potentially be useful.

Proposed action: Emit a deprecation notice each time the FILTER_SANITIZE_MAGIC_QUOTES filter is used and advice users to use the add_slashes (FILTER_SANITIZE_ADD_SLASHES) filter.

INPUT_SESSION & INPUT_REQUEST input types for the filter extension

The filter extension implements a set of INPUT_XXX constants for telling the source of where the input is coming from. However, the INPUT_SESSION and INPUT_REQUEST inputs were never implemented but their constants are and simply just emits an E_WARNING when used.

Impact: Minimal as they do not serve any function and functionality relying on this is broken (non functional).

Proposed action: Keep the E_WARNING and mention that these will be removed in a future version of PHP.

apache_request_headers() function

This function with an Apache-specific name is also available in other SAPIs, even though it is also available under the SAPI-independent name getallheaders(). The SAPI-specific function should be removed in favor of the more general one.

Proposed action: Mark apache_request_headers() as deprecated.

Backward Incompatible Changes

For PHP 7.4 additional deprecation notices will appear. For PHP 8.0 the previously deprecated functionality will no longer be available.

Vote

Each of the bullet points above will get a separate vote. All votes will require a 2/3 supermajority, independently of whether they are language changes or not.

Changelog

  1. 2018-07-05: Added __CLASS__, get_called_class() and array_key_exists() with object arg (majkl)
rfc/deprecations_php_7_4.txt · Last modified: 2018/08/13 06:28 by carusogabriel