rfc:deprecations_php_8_5

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
rfc:deprecations_php_8_5 [2024/11/01 19:34] – Add some INI settings girgiasrfc:deprecations_php_8_5 [2024/11/21 09:38] (current) – Formatting timwolla
Line 22: Line 22:
   * Deprecate the ''error_prepend_string'' and ''error_append_string'' INI directives   * Deprecate the ''error_prepend_string'' and ''error_append_string'' INI directives
   * Deprecate the ''report_memleaks'' INI directive   * Deprecate the ''report_memleaks'' INI directive
 +  * Deprecate the ''register_argc_argv'' INI directive
 +  * Formally deprecate mysqli_execute
 +  * Deprecate <php>__construct()</php> and <php>__destruct()</php> in interfaces
  
 ===== Proposal ===== ===== Proposal =====
Line 162: Line 165:
 This "feature" is highly questionable, as memory leaks should be fixed the moment they are made aware of. This "feature" is highly questionable, as memory leaks should be fixed the moment they are made aware of.
 Because this cannot affect production builds of PHP we propose deprecating this INI setting. Because this cannot affect production builds of PHP we propose deprecating this INI setting.
 +
 +==== Deprecate the register_argc_argv INI directive ====
 +
 +Author: Nicolas Grekas <nicolas.grekas@php.net>
 +
 +This INI directive tells PHP whether to declare the argv & argc variables. On the CLI, phpdbg and embed SAPIs it is forced to On. It defaults to Off on other SAPIs. This setting is dangerous on HTTP SAPIs because it allows defining the value of the argv/argc variables from the query string. This is almost always unwanted and certainly unexpected. It can lead to security issues if one reads argv/argc from an HTTP apps while not being aware of this behavior.
 +
 +We propose to deprecate this INI setting and make in default to Off in PHP 8.5, then to hardcode it to Off for all non-CLI-related SAPIs on PHP 9 (while keeping it hardcoded to On for CLI-related ones).
 +
 +==== Formally deprecate mysqli_execute ====
 +
 +Author: Tim Düsterhus <timwolla@php.net>
 +
 +TODO: https://www.php.net/manual/en/function.mysqli-execute.php
 +
 +==== Deprecate __construct() and __destruct() in interfaces ====
 +
 +Author: Tim Düsterhus <timwolla@php.net>
 +
 +TODO: https://phpc.social/@dseguy/113476785631597024 / https://github.com/php/php-src/issues/16077
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
rfc/deprecations_php_8_5.1730489660.txt.gz · Last modified: 2024/11/01 19:34 by girgias

Page Tools