Differences

This shows you the differences between two versions of the page.

--- rfc:deprecations_php_8_5 [2024/11/01 19:34] – Add some INI settings girgias
+++ rfc:deprecations_php_8_5 [2025/03/30 17:46] (current) – Add finfo_buffer() $context param girgias
@@ Line 3: / Line 3: @@
   * Authors:
     * Gina Peter Banyard <girgias@php.net>
-  * Status: Pending Implementation
+    * Christoph M. Becker <cmb@php.net>
+  * Status: Draft
   * Implementation: TBD
@@ Line 14: / Line 15: @@
   * Deprecate ''key_length'' parameter of <php>openssl_pkey_derive()</php>
   * Deprecate PDO's 'uri:' scheme
+  * Deprecate PDO::ERRMODE_WARNING error mode
+  * Deprecate intl.error_level INI setting
   * Deprecate Reflection*::setAccessible()
   * Deprecate FILTER_DEFAULT constant
   * Make ''$filter'' parameter mandatory for <php>filter_*()</php> functions
   * Deprecate FILTER_CALLBACK filter
-  * Deprecate <php>filter_input()</php> and <php>filter_input_array()</php>
+  * Deprecate <php>filter_input()</php>, <php>filter_input_array()</php>, and <php>filter_has_var()</php>
   * Deprecate the ''docref_root'' and ''docref_ext'' INI directives
   * Deprecate the ''error_prepend_string'' and ''error_append_string'' INI directives
   * Deprecate the ''report_memleaks'' INI directive
+  * Deprecate the ''register_argc_argv'' INI directive
+  * Formally deprecate mysqli_execute
+  * Deprecate <php>__construct()</php> and <php>__destruct()</php> in interfaces
+  * Deprecate semicolon after ''case'' in switch statement
+  * Deprecate the <php>$exclude_disabled</php> parameter of <php>get_defined_functions()</php>
+  * Deprecate building ext/ldap against Oracle LDAP
+  * Deprecate passing ''null'' to <php>readdir()</php>, <php>rewinddir()</php>, and <php>closedir()</php>
+  * Deprecate the <php>$context</php> parameter for <php>finfo_buffer()</php>
 ===== Proposal =====
@@ Line 39: / Line 50: @@
 TODO: https://github.com/php/php-src/blob/d7bdf902e5b88189037883d462e422838bd9be55/ext/pdo/pdo_dbh.c#L323-L335
+==== Deprecate PDO::ERRMODE_WARNING error mode ====
+Author: Gina Peter Banyard <girgias@php.net>
+TODO: Warnings are a weird mixture of exceptions, and setting the error code.
+==== Deprecate intl.error_level INI setting ====
+Author: Gina Peter Banyard <girgias@php.net>
+TODO: Similar to PDO::ERRMODE_WARNING where intl.use_exceptions should be prefered instead.
 ==== Deprecate Reflection*::setAccessible() ====
@@ Line 77: / Line 100: @@
-==== Deprecate filter_input() and filter_input_array() ====
+==== Deprecate filter_input(), filter_input_array(), and filter_has_var() ====
 Author: Gina Peter Banyard <girgias@php.net>
@@ Line 128: / Line 151: @@
 and <php>filter_var_array($_GET, /* other params */)</php>,
 we propose to deprecate <php>filter_input()</php> and <php>filter_input_array()</php>.
+As <php>filter_has_var()</php> is effectively equivalent to <php>array_key_exists()</php>,
+but has the same caveat as the two previous functions, we propose to also deprecate this function.
 ==== Deprecate the docref_root and docref_ext INI directives ====
@@ Line 162: / Line 188: @@
 This "feature" is highly questionable, as memory leaks should be fixed the moment they are made aware of.
 Because this cannot affect production builds of PHP we propose deprecating this INI setting.
+==== Deprecate the register_argc_argv INI directive ====
+Author: Nicolas Grekas <nicolas.grekas@php.net>
+This INI directive tells PHP whether to declare the argv & argc variables. On the CLI, phpdbg and embed SAPIs it is forced to On. It defaults to Off on other SAPIs. This setting is dangerous on HTTP SAPIs because it allows defining the value of the argv/argc variables from the query string. This is almost always unwanted and certainly unexpected. It can lead to security issues if one reads argv/argc from an HTTP apps while not being aware of this behavior.
+We propose to deprecate this INI setting and make in default to Off in PHP 8.5, then to hardcode it to Off for all non-CLI-related SAPIs on PHP 9 (while keeping it hardcoded to On for CLI-related ones).
+==== Formally deprecate mysqli_execute ====
+Author: Tim Düsterhus <timwolla@php.net>
+TODO: https://www.php.net/manual/en/function.mysqli-execute.php
+==== Deprecate __construct() and __destruct() in interfaces ====
+Author: Tim Düsterhus <timwolla@php.net>
+TODO: https://phpc.social/@dseguy/113476785631597024 / https://github.com/php/php-src/issues/16077
+==== Deprecate semicolon after case in switch statement ====
+Author: Theodore Brown <theodorejb@php.net>
+It is possible to terminate ''case'' statements with a semicolon instead of the standard colon:
+<PHP>
+switch ($value) {
+    case 'foo';
+    case 'bar':
+    case 'baz';
+        echo 'foo, bar, or baz';
+        break;
+    default;
+        echo 'Other';
+}
+</PHP>
+This syntax is a leftover from PHP/FI 2, where nearly all lines including if conditions and case statements were terminated by a semicolon. [[https://externals.io/message/109350#109363|1]] [[https://www.php.net/manual/phpfi2.php#lang|2]]
+There isn't a need for this syntax to exist anymore, and very few PHP developers are even aware of its existence. In the top 1000 Composer packages, zero out of 35,777 total case statements are using the alternate syntax (as of 2024-11-27).
+Case statements followed by a semicolon can cause confusion, as a developer may think they behave differently in some way from regular case statements (e.g. preventing fallthrough), when they do not.
+Therefore, we propose to deprecate terminating case statements with a semicolon.
+==== Deprecate the $exclude_disabled parameter of get_defined_functions() ====
+Author: Gina Peter Banyard <girgias@php.net>
+As of PHP 8.0.0, functions that are disabled via the ''disable_functions'' INI setting are simply removed from the function table.
+As such, this parameter has no longer any effect and is pointless.
+Therefore, we propose to deprecate it.
+==== Deprecate building ext/ldap against Oracle LDAP ====
+Author: Christoph M. Becker <cmb@php.net>
+Building ext/ldap against Oracle LDAP had been supported, and is theoretically still supported, but is apparently [[https://github.com/php/php-src/issues/15051|broken for a while]].  The Oracle LDAP implementation is part of Oracle Instant Client, and uses an older LDAP API; apparently, there are no plans for updating this.  So users are almost certainly better off to build against OpenLDAP (and if they need OCI8, to build that as shared library, and load after ext/ldap).
+Therefore we supposed to deprecate building ext/ldap against Oracle LDAP.
+It should be noted that the ``ldap_connect_wallet()`` function, [[https://wiki.php.net/rfc/deprecate_functions_with_overloaded_signatures#ldap_connect|available only as of PHP 8.3]], would also be part of the deprecation, as well as other existing Oracle LDAP specific features.
+==== Deprecate passing null to readdir(), rewinddir(), and closedir()  ====
+Author: Gina Peter Banyard <girgias@php.net>
+TODO: This assumes the last open directory stream opened with <php>opendir()</php> or <php>dir()</php>
+we have deprecated such usages previous (see mysql and pgsql).
+==== Deprecate the $context parameter for finfo_buffer()  ====
+Author: Gina Peter Banyard <girgias@php.net>
+This parameter is unused, and the only reason it exists in the first place is because the implementation of it was delegated to a "god" C function that also was handingl <php>finfo_file()</php> which does use the provided context.
+As this parameter is not useful for this function it should be deprecated.
 ===== Backward Incompatible Changes =====

Differences

Page Tools