mirror of
https://github.com/php/php-src.git
synced 2024-11-27 20:03:40 +08:00
365 lines
14 KiB
Plaintext
Executable File
365 lines
14 KiB
Plaintext
Executable File
$Id$
|
|
|
|
PHP 5.6 UPGRADE NOTES
|
|
|
|
1. Backward Incompatible Changes
|
|
2. New Features
|
|
2. Changes in SAPI modules
|
|
3. Deprecated Functionality
|
|
4. Changed Functions
|
|
5. New Functions
|
|
6. New Classes and Interfaces
|
|
7. Removed Extensions
|
|
8. Other Changes to Extensions
|
|
9. New Global Constants
|
|
10. Changes to INI File Handling
|
|
11. Other Changes
|
|
|
|
|
|
========================================
|
|
1. Backward Incompatible Changes
|
|
========================================
|
|
|
|
- JSON:
|
|
json_decode() no longer accepts non-lowercase variants of lone JSON true,
|
|
false or null values. For example, True or FALSE will now cause json_decode to
|
|
return NULL and set an error value you can fetch with json_last_error().
|
|
This affects JSON texts consisting solely of true, false or null. Text
|
|
containing non-lowercase values inside JSON arrays or objects has never been
|
|
accepted.
|
|
|
|
- OpenSSL:
|
|
To prevent man-in-the-middle attacks against encrypted transfers client
|
|
streams now verify peer certificates by default. Previous versions
|
|
required users to manually enable peer verification. As a result of this
|
|
change, existing code using ssl:// or tls:// stream wrappers (e.g.
|
|
file_get_contents(), fsockopen(), stream_socket_client()) may no longer
|
|
connect successfully without manually disabling peer verification via the
|
|
stream context's "verify_peer" setting. Encrypted transfers delegate to
|
|
operating system certificate stores by default if not overridden via the
|
|
new openssl.cafile and openssl.cafile ini directives or via call-time SSL
|
|
context options, so most users should be unaffected by this transparent
|
|
security enhancement. (https://wiki.php.net/rfc/tls-peer-verification)
|
|
|
|
- Mcrypt:
|
|
The mcrypt_encrypt(), mcrypt_decrypt() and mcrypt_{MODE}() functions no
|
|
longer accept keys or IVs with incorrect sizes. Furthermore an IV is now
|
|
required if the used block cipher mode requires it.
|
|
|
|
========================================
|
|
2. New Features
|
|
========================================
|
|
|
|
- Added constant scalar expressions syntax.
|
|
(https://wiki.php.net/rfc/const_scalar_exprs)
|
|
|
|
- Added dedicated syntax for variadic functions.
|
|
(https://wiki.php.net/rfc/variadics)
|
|
|
|
- Added support for argument unpacking to complement the variadic syntax.
|
|
(https://wiki.php.net/rfc/argument_unpacking)
|
|
|
|
- Added an exponentiation operator (**).
|
|
(https://wiki.php.net/rfc/pow-operator)
|
|
|
|
- Added unified default encoding. default_charset=UTF-8 and functions/extensions
|
|
use encoding settings honor default_charset.
|
|
|
|
- The php://input stream is now re-usable and can be used concurrently with
|
|
enable_post_data_reading=0.
|
|
|
|
- Added use function and use const.
|
|
(https://wiki.php.net/rfc/use_function)
|
|
|
|
- Added gost-crypto (CryptoPro S-box) hash algorithm.
|
|
|
|
- Stream wrappers verify peer certificates and host names by default in
|
|
encrypted client streams.
|
|
|
|
- Added openssl certificate fingerprint support (inclusive stream context
|
|
option).
|
|
|
|
- Added support for SAN x509 extension matching when verifing host names in
|
|
encrypted streams.
|
|
|
|
- Added a range of new SSL context options for improved encrypted stream
|
|
server security (https://wiki.php.net/rfc/improved-tls-defaults):
|
|
|
|
. "honor_cipher_order" allows servers to prioritize cipher suites of their
|
|
choosing when negotiating SSL/TLS handshakes.
|
|
. "single_ecdh_use" and "single_dh_use" allow for improved forward
|
|
secrecy in encrypted stream servers.
|
|
. "dh_param" allows specification of pre-generated key generation
|
|
parameters when negotiating ephemeral DHE ciphers in stream servers.
|
|
. "ecdh_curve" allows stream servers to specify which curve to use when
|
|
negotiating ephemeral ECDHE ciphers (defaults to NIST P-256).
|
|
. "rsa_key_size" SSL context option gives stream servers control
|
|
over the key size (in bits) used when negotiating RSA ciphers.
|
|
. "capture_session_meta" if specified stores an array of data describing
|
|
the TLS session's protocol/cipher in the "session_meta" SSL context key.
|
|
|
|
- Added automatic mitigation against client-initated TLS renegotiation DoS
|
|
attacks in encrypted server streams. Renegotiation limiting may be
|
|
customized via three new SSL context options:
|
|
|
|
. "reneg_limit" (number of allowed renegotiations per time window)
|
|
. "reneg_window" (renegotiation time window in seconds)
|
|
. "reneg_limit_callback" (optional notification callback on limiting)
|
|
|
|
- Encrypted TLS servers now support the server name indication (SNI) TLS
|
|
extension via the new "SNI_server_certs" SSL context option.
|
|
|
|
- Added "crypto_method" SSL context option for use in encrypted streams.
|
|
|
|
- Added "peer_name" SSL context option to better reflect peer certificate
|
|
name matching using SAN extension (replaces deprecated "CN_match").
|
|
|
|
- Added stream wrapper support when specifying "cafile" SSL context paths.
|
|
|
|
- Independent peer cert and peer name validation is now available via a new
|
|
boolean "verify_peer_name" SSL context option. This option is enabled by
|
|
default in encrypted client streams.
|
|
|
|
- Added protocol-specific tlsv1.0://, tlsv1.1:// and tlsv1.2:// encryption
|
|
stream wrappers. tls:// wrapper now supports TLSv1.1 and TLSv1.2 (previously
|
|
only supported TLSv1).
|
|
|
|
- Stream crypto method specification now accepts flags instead of values
|
|
allowing support for multiple discrete protocols in a given stream.
|
|
|
|
- PostgreSQL database connections may now be established asynchronously using
|
|
new constants and polling functions in ext/pgsql.
|
|
|
|
- Non-blocking read/write query behavior now optionally available in database
|
|
operations using the ext/pgsql extension.
|
|
|
|
========================================
|
|
2. Changes in SAPI modules
|
|
========================================
|
|
|
|
- Added phpdbg SAPI.
|
|
(https://wiki.php.net/rfc/phpdbg)
|
|
|
|
- Support for FPM workers changing the apparmor profile through the pool configuration.
|
|
(https://wiki.php.net/rfc/fpm_change_hat)
|
|
|
|
========================================
|
|
3. Deprecated Functionality
|
|
========================================
|
|
|
|
- Incompatible context calls:
|
|
Instance calls from an incompatible context are now deprecated and issue
|
|
E_DEPRECATED instead of E_STRICT. See https://wiki.php.net/rfc/incompat_ctx
|
|
|
|
- The "CN_match" and "SNI_server_name" SSL context options are deprecated in
|
|
favor of the new "peer_name" option. Name verification now checks certificate
|
|
SAN names as well as the CN field and the specific name fields are deprecated
|
|
to avoid confusion. Their use triggers E_DEPRECATED but continues to work as
|
|
before. If specified, the specific values take precedence over the general
|
|
"peer_name" value.
|
|
|
|
- Deprecated PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT, an
|
|
undocument constant effectively equivalent to PDO::ATTR_EMULATE_PREPARES.
|
|
|
|
========================================
|
|
4. Changed Functions
|
|
========================================
|
|
|
|
- cURL:
|
|
CURLOPT_SAFE_UPLOAD is now turned on by default and uploads with @file
|
|
do not work unless it is explicitly set to false.
|
|
|
|
- Crypt:
|
|
crypt() will now raise an E_NOTICE error if the salt parameter is omitted.
|
|
See: https://wiki.php.net/rfc/crypt_function_salt
|
|
|
|
- Mcrypt:
|
|
The $source parameter of mcrypt_create_iv() now defaults to
|
|
MCRYPT_DEV_URANDOM instead of MCRYPT_DEV_RANDOM.
|
|
|
|
- XMLReader:
|
|
XMLReader::getAttributeNs and XMLReader::getAttributeNo now return NULL if
|
|
the attribute could not be found, just like XMLReader::getAttribute.
|
|
|
|
- Pgsql:
|
|
pg_insert()/pg_select()/pg_update()/pg_delete() are no longer EXPERIMENTAL.
|
|
The following functions no longer block until query write completion if the
|
|
socket stream underlying a database connection is set to non-blocking mode:
|
|
. pg_send_execute()
|
|
. pg_send_prepare()
|
|
. pg_send_query()
|
|
. pg_send_query_params()
|
|
|
|
========================================
|
|
5. New Functions
|
|
========================================
|
|
|
|
- GMP:
|
|
Added gmp_root($a, $nth) and gmp_rootrem($a, $nth) for calculating nth roots.
|
|
|
|
- OpenSSL:
|
|
Added string openssl_x509_fingerprint($x509, $type, $binary).
|
|
Added string openssl_spki_new($private_key, $challenge, $algorithm)
|
|
Added bool openssl_spki_verify($spkac)
|
|
Added string openssl_spki_export($spkac)
|
|
Added string openssl_spki_export_challenge($spkac)
|
|
Added array openssl_get_cert_locations()
|
|
|
|
- LDAP:
|
|
Added ldap_escape($value, $ignore = "", $flags = 0).
|
|
Added ldap_modify_batch($link_identifier, $dn, $modifications) described in
|
|
https://wiki.php.net/rfc/ldap_modify_batch.
|
|
|
|
- Pgsql:
|
|
Added pg_socket($connection) to allow async connections and non-blocking IO
|
|
Added pg_connect_poll($connection) for establishing async connections
|
|
Added pg_consume_input($connection) for non-blocking query result consumption
|
|
Added pg_flush($connection) for non-blocking query write completion
|
|
|
|
- PDO_pgsql
|
|
Added PDO::pgsqlGetNotify($result_type = PDO::FETCH_USE_DEFAULT, $ms_timeout = 0)
|
|
Added PDO::pgsqlGetPid()
|
|
|
|
- Zip:
|
|
Added ZipArchive::setPassword($password)
|
|
|
|
========================================
|
|
6. New Classes and Interfaces
|
|
========================================
|
|
|
|
|
|
========================================
|
|
7. Removed Extensions
|
|
========================================
|
|
|
|
|
|
========================================
|
|
8. Other Changes to Extensions
|
|
========================================
|
|
|
|
- cURL:
|
|
- The following constants have been removed as they are now marked "obsolete"
|
|
in the underlying library and never had any effect to begin with:
|
|
. CURLOPT_CLOSEPOLICY
|
|
. CURLCLOSEPOLICY_CALLBACK
|
|
. CURLCLOSEPOLICY_LEAST_RECENTLY_USED
|
|
. CURLCLOSEPOLICY_LEAST_TRAFFIC
|
|
. CURLCLOSEPOLICY_OLDEST
|
|
. CURLCLOSEPOLICY_SLOWEST
|
|
|
|
- GMP:
|
|
The GMP extension now uses objects as the underlying data structure, rather
|
|
than resources. GMP instances now support dumping, serialization, cloning,
|
|
casts to primitive types and have overloaded operators.
|
|
(RFC: https://wiki.php.net/rfc/operator_overloading_gmp)
|
|
|
|
- OCI8:
|
|
- Added Implicit Result Set support for Oracle Database 12c with a
|
|
new oci_get_implicit_resultset() function.
|
|
- Using 'oci_execute($s, OCI_NO_AUTO_COMMIT)' for a SELECT no longer
|
|
unnecessarily initiates an internal ROLLBACK during connection
|
|
close.
|
|
- Multi-row OCI_RETURN_LOB queries require fewer "round trips" to the database.
|
|
- Added DTrace probes enabled with PHP's generic --enable-dtrace
|
|
- The oci_internal_debug() function is now a no-op.
|
|
- The phpinfo() output format for OCI8 has changed.
|
|
|
|
- OpenSSL:
|
|
- The "SNI_enabled" SSL stream context option is now set to TRUE by default
|
|
if supported by the underlying openssl library.
|
|
|
|
- Pgsql:
|
|
- pg_insert()/pg_select()/pg_update()/pg_delete()/pg_meta_data()/pg_convert()
|
|
are no longer EXPERIMENTAL
|
|
- Added PGSQL_DML_ESCAPE option for pg_insert()/pg_select()/pg_update()/pg_delete()
|
|
that simply escapes all supplied parameters. These functions can be as fast as
|
|
native query. Unvalidated data(Unknown data types) is passed as string.
|
|
JSON/Array/etc are supported both PGSQL_DML_ESCAPE and pg_convert() as string.
|
|
- pg_select() returns PostgreSQL query resource when query is executed.
|
|
- Added extended flag parameter for pg_meta_data(). pg_meta_data() always
|
|
returns "is enum" attribute.
|
|
- The new pg_socket() function returns a socket stream with no behavior other
|
|
than to allow IO-readiness polling on a DB connection socket. Calling
|
|
stream_set_blocking() on its result enables non-blocking behavior.
|
|
- Passing the new PGSQL_CONNECT_ASYNC flag to pg_connect() allows applications
|
|
to poll for IO readiness via pg_connect_poll() and establish connections
|
|
asynchronously.
|
|
|
|
- PDO_pgsql:
|
|
- Added PDO::PGSQL_ATTR_DISABLE_PREPARES constant to execute the queries
|
|
without preparing them, while still passing parameters separately from
|
|
the command text using PQexecParams.
|
|
- Added LISTEN/NOTIFY support via PDO::pgsqlGetNotify / PDO::pgsqlGetPid()
|
|
as described in https://bugs.php.net/bug.php?id=42614.
|
|
|
|
========================================
|
|
9. New Global Constants
|
|
========================================
|
|
|
|
- LDAP:
|
|
LDAP_ESCAPE_FILTER int(1)
|
|
LDAP_ESCAPE_DN int(2)
|
|
|
|
- Pgsql:
|
|
PGSQL_DML_ESCAPE int(4096)
|
|
PGSQL_CONNECT_ASYNC
|
|
PGSQL_CONNECTION_STARTED
|
|
PGSQL_CONNECTION_MADE
|
|
PGSQL_CONNECTION_AWAITING_RESPONSE
|
|
PGSQL_CONNECTION_AUTH_OK
|
|
PGSQL_CONNECTION_SSL_STARTUP
|
|
PGSQL_CONNECTION_SETENV
|
|
PGSQL_POLLING_FAILED
|
|
PGSQL_POLLING_READING
|
|
PGSQL_POLLING_WRITING
|
|
PGSQL_POLLING_OK
|
|
PGSQL_POLLING_ACTIVE
|
|
|
|
- OpenSSL:
|
|
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT int(9)
|
|
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT int(17)
|
|
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT int(33)
|
|
STREAM_CRYPTO_METHOD_ANY_CLIENT int(63)
|
|
STREAM_CRYPTO_METHOD_TLSv1_0_SERVER int(8)
|
|
STREAM_CRYPTO_METHOD_TLSv1_1_SERVER int(16)
|
|
STREAM_CRYPTO_METHOD_TLSv1_2_SERVER int(32)
|
|
STREAM_CRYPTO_METHOD_ANY_SERVER int(62)
|
|
OPENSSL_DEFAULT_STREAM_CIPHERS string
|
|
|
|
========================================
|
|
10. Changes to INI File Handling
|
|
========================================
|
|
|
|
- Core:
|
|
Changed always_populate_raw_post_data to throw a deprecation warning when
|
|
enabled and to recognize the value -1 for never populating the global
|
|
$HTTP_RAW_POST_DATA variable, which will be default in future PHP versions.
|
|
|
|
- cURL:
|
|
If the new openssl.cafile ini directive is specified ext/curl will give the
|
|
openssl path precedence over its own curl.cainfo directive.
|
|
|
|
- OpenSSL:
|
|
openssl.cafile and openssl.capath ini directives have been added to allow
|
|
global CA default specification as necessary.
|
|
|
|
========================================
|
|
11. Other Changes
|
|
========================================
|
|
|
|
- File upload:
|
|
Uploads equal or greater than 2GB in size are now accepted.
|
|
|
|
- HTTP stream wrapper:
|
|
HTTP 1.1 requests now include a Connection: close header unless explicitly
|
|
overridden by setting a Connection header via the header context option.
|
|
|
|
- PDO_pgsql
|
|
A libpq version providing PQexecParams, PQprepare, PQescapeStringConn,
|
|
PQescapeByteaConn is now required. According to the release notes that means
|
|
8.0.8+ or 8.1.4+.
|
|
|
|
- Zip:
|
|
New --with-libzip option allow to use system libzip. Version > 0.11 required,
|
|
Version >= 0.11.2 recommended for all features.
|