mirror of
https://github.com/php/php-src.git
synced 2024-12-01 13:54:10 +08:00
389 lines
14 KiB
Plaintext
389 lines
14 KiB
Plaintext
PHP 7.2 UPGRADE NOTES
|
||
|
||
1. Backward Incompatible Changes
|
||
2. New Features
|
||
3. Changes in SAPI modules
|
||
4. Deprecated Functionality
|
||
5. Changed Functions
|
||
6. New Functions
|
||
7. New Classes and Interfaces
|
||
8. Removed Extensions and SAPIs
|
||
9. Other Changes to Extensions
|
||
10. New Global Constants
|
||
11. Changes to INI File Handling
|
||
12. Windows Support
|
||
13. Other Changes
|
||
|
||
|
||
========================================
|
||
1. Backward Incompatible Changes
|
||
========================================
|
||
|
||
- Core:
|
||
. gettype() will now return "resource (closed)" instead of "unknown type" for
|
||
closed resources.
|
||
. is_object() will now return true for objects of class
|
||
__PHP_Incomplete_Class.
|
||
. Support for Netware operating systems has been removed.
|
||
. Casting arrays to objects (with (object) or settype()) will now convert
|
||
integer keys to string property names. This fixes the behaviour of previous
|
||
versions, where integer keys would become inaccessible properties with
|
||
integer names.
|
||
. Casting objects to arrays (with (array) or settype()), and retrieving
|
||
object properties in an array with get_object_vars(), will now convert
|
||
numeric string property names (that is, property names of the format
|
||
/^(0|(-?[1-9][0-9]*))$/ where PHP_INT_MIN <= n <= PHP_INT_MAX) to integer
|
||
keys. This fixes the behaviour of previous versions, where numeric string
|
||
property names would become inaccessible string keys.
|
||
. Unqualified references to undefined constants now generate a Warning instead
|
||
of a notice. They will generate an Error in a future version of PHP.
|
||
(https://wiki.php.net/rfc/deprecate-bareword-strings)
|
||
. Minimum supported Windows versions are Windows 7/Server 2008 R2.
|
||
. Initial trait property value compatibility check will no longer perform
|
||
any casts. (Bug #74269)
|
||
. "object" (in any case) can no longer be used as a class name.
|
||
|
||
- BCMath:
|
||
. The bcmod() function no longer truncates fractional numbers to integers. As
|
||
such, its behavior now follows fmod() rather than the `%` operator. For
|
||
example `bcmod('4', '3.5')` now returns '0.5' instead of '1'.
|
||
|
||
- Hash:
|
||
. The hash_hmac(), hash_hmac_file(), hash_pbkdf2() and hash_init() (with
|
||
HASH_HMAC) functions no longer accept non-cryptographic hashes.
|
||
|
||
- JSON
|
||
. The json_decode() option JSON_OBJECT_AS_ARRAY is used if the second
|
||
parameter (assoc) is null. Previously JSON_OBJECT_AS_ARRAY was always
|
||
ignored.
|
||
|
||
- Session:
|
||
. Removed register_globals related code and "!" can be used as $_SESSION key name.
|
||
. Session is made to manage session status correctly and prevents invalid operations.
|
||
Only inappropriate codes are affected by this change. If you have problems with this,
|
||
it means you have problem in your code.
|
||
. Functions are made to set or return correct session status.
|
||
session_start(), session_status(), session_regenerate_id()
|
||
. Functions are made to return bool from null. These functions have void parameter
|
||
and void parameter is checked.
|
||
session_unset(), session_write_close()/session_commit(), session_abort(),
|
||
session_reset()
|
||
. Functions prohibit invalid operations with regard to session status and
|
||
HTTP header status, returns correct bool return value.
|
||
session_start(), session_set_cookie_params(), session_name(), session_module_name(),
|
||
session_set_save_handler(), session_regenerate_id(), session_cache_limiter(),
|
||
session_cache_expire(), session_unset(), session_destroy(),
|
||
session_write_close()/session_commit(), session_reset()
|
||
. INI value change by ini_set() returns update status correctly. Invalid INI modifications
|
||
are checked and made to fail.
|
||
session.name, session.save_path, session.cookie_lifetime, session.cookie_path,
|
||
session.cookie_domain, session.cookie_httponly, session.cookie_secure,
|
||
session.use_cookies, session.use_only_cookies, session.use_strict_mode,
|
||
session.referer_check, session.cache_limiter, session.cache_expire,
|
||
session.lazy_write, session.save_handler, session.serialize_handler,
|
||
session.gc_probability, session.gc_divior, session.gc_maxlifetime,
|
||
. Some E_ERRORs are changed to E_WARNING since session status is managed correctly.
|
||
session_start()
|
||
. Session no longer initialize $_SESSION for invalid and useless session.
|
||
session_start()
|
||
. When headers are already sent and try to set new INI values, session_name(),
|
||
session_module_name(), session_save_path(), session_cache_limiter() and
|
||
session_cache_expire() are no longer works. Older PHPs accepts new values even
|
||
if new values will not be effective.
|
||
This new corrected behavior may affect command line mode CLI scripts that manage
|
||
sessions. Use output buffer just like web applications to resolve problems on
|
||
CLI scripts.
|
||
|
||
- Standard:
|
||
. Sequences generated by mt_rand() and rand() for a specific seed may differ
|
||
from PHP 7.1 on 64-bit machines. This change was necessary to resolve a
|
||
modulo bias bug in the implementation.
|
||
|
||
- IMAP:
|
||
Starting with 7.2.13, rsh/ssh logins are disabled by default. Use
|
||
imap.enable_insecure_rsh if you want to enable them. Note that the IMAP
|
||
library does not filter mailbox names before passing them to rsh/ssh
|
||
command, thus passing untrusted data to this function with rsh/ssh enabled
|
||
is insecure.
|
||
|
||
========================================
|
||
2. New Features
|
||
========================================
|
||
|
||
- Core:
|
||
. It is now possible to remove argument type annotations when overriding an
|
||
inherited method. This complies with contravariance of method argument types
|
||
under the Liskov Substitution Principle.
|
||
(https://wiki.php.net/rfc/parameter-no-type-variance)
|
||
. It is now allowed to override an abstract method with another abstract
|
||
method in a child class.
|
||
(https://wiki.php.net/rfc/allow-abstract-function-override)
|
||
. A trailing comma in group use statements is now allowed.
|
||
(https://wiki.php.net/rfc/list-syntax-trailing-commas)
|
||
. The "object" type annotation is now supported.
|
||
(https://wiki.php.net/rfc/object-typehint)
|
||
|
||
- DBA:
|
||
. Implemented support for the LMDB backend.
|
||
|
||
- JSON:
|
||
. Added JSON_INVALID_UTF8_IGNORE and JSON_INVALID_UTF8_SUBSTITUTE options for
|
||
json_encode() and json_decode() to ignore and replace invalid UTF-8 byte
|
||
sequences, respectively.
|
||
|
||
- OCI8:
|
||
. Added Oracle Database Transparent Application Failover (TAF) callback support.
|
||
|
||
- PCRE:
|
||
. Added `J` modifier for setting PCRE_DUPNAMES.
|
||
. Added `PREG_UNMATCHED_AS_NULL` flag to allow distinguish between unmatched
|
||
subpatterns and empty matches by reporting NULL and "" (empty string),
|
||
respectively.
|
||
|
||
- Sodium
|
||
. New cryptographic extension
|
||
|
||
- SQLite3:
|
||
. Implemented writing to BLOBs.
|
||
|
||
- Standard:
|
||
. Simplified password hashing API updated to support Argon2i hashes when PHP is compiled with libargon2
|
||
(https://wiki.php.net/rfc/argon2_password_hash).
|
||
. proc_nice() is now supported on Windows platforms.
|
||
|
||
- Zip:
|
||
. read/write encrypted archive, relying on libzip 1.2.0,
|
||
using new methods:
|
||
ZipArchive::setEncryptionName($name, $method [, $password]);
|
||
ZipArchive::setEncryptionIndex($index, $method [, $password]);
|
||
and new constants:
|
||
ZipArchive::EM_NONE
|
||
ZipArchive::EM_AES_128
|
||
ZipArchive::EM_AES_192
|
||
ZipArchive::EM_AES_256
|
||
. accept 'password' from zip stream context
|
||
. ZipArchive implements countable, added ZipArchive::count() method.
|
||
|
||
|
||
========================================
|
||
3. Changes in SAPI modules
|
||
========================================
|
||
|
||
========================================
|
||
4. Deprecated Functionality
|
||
========================================
|
||
|
||
All the deprecated functionality listed in the following will be removed in
|
||
PHP 8.0.
|
||
|
||
- Core:
|
||
. The track_errors ini directive has been deprecated.
|
||
. The __autoload() mechanism has been deprecated, use spl_autoload_register()
|
||
instead.
|
||
. The (unset) cast has been deprecated. This does not affect the unset($var)
|
||
language construct.
|
||
. The create_function() function has been deprecated, use anonymous functions
|
||
instead.
|
||
. The each() function has been deprecated, use a foreach loop instead.
|
||
. The $errcontext error handler argument has been deprecated. However, using
|
||
it does not trigger a deprecation warning for technical reasons.
|
||
|
||
- EXIF:
|
||
. The read_exif_data() alias has been deprecated, use exif_read_data() instead.
|
||
|
||
- GD:
|
||
. png2wbmp() and jpeg2wbmp() have been deprecated.
|
||
|
||
- GMP:
|
||
. The gmp_random() function has been deprecated, use gmp_random_bits() or
|
||
gmp_random_range() instead.
|
||
|
||
- Intl:
|
||
. INTL_IDNA_VARIANT_2003 has been deprecated; use INTL_IDNA_VARIANT_UTS46
|
||
instead.
|
||
|
||
- Mbstring:
|
||
. The mbstring.func_overload ini directive has been deprecated.
|
||
|
||
- Standard:
|
||
. Calling parse_str() without the result argument has been deprecated.
|
||
. Calling assert() with a string argument has been deprecated, use an ordinary
|
||
expression instead.
|
||
|
||
See also: https://wiki.php.net/rfc/deprecations_php_7_2
|
||
|
||
========================================
|
||
5. Changed Functions
|
||
========================================
|
||
|
||
- Standard:
|
||
. password_hash() can generate Argon2i hashes when the algorithm is set to PASSWORD_ARGON2I.
|
||
When using PASSWORD_ARGON2I, the following cost factors may be set: 'memory_cost', 'time_cost',
|
||
and 'threads'. These cost factors will default to 'PASSWORD_ARGON2_DEFAULT_MEMORY_COST',
|
||
'PASSWORD_ARGON2_DEFAULT_TIME_COST', and 'PASSWORD_ARGON2_DEFAULT_THREADS' respectively if not set.
|
||
. password_verify() can verify Argon2i hashes.
|
||
. password_get_info() and password_needs_rehash() can accept Argon2i hashes.
|
||
. mail()/mb_send_mail() accept array $extra_header. Array parameter is checked against RFC 2822.
|
||
Array format is
|
||
$extra_headers = [
|
||
'Header-Name' => 'Header value',
|
||
'Multiple' => ['One header', 'Another header'],
|
||
'Multiline' = "FirstLine\r\n SecondLine",
|
||
];
|
||
. count() now raises a warning when an invalid parameter is passed.
|
||
Only arrays and objects implementing the Countable interface should be passed.
|
||
. pack() and unpack() now support float and double in both little and big endian.
|
||
. number_format() ensures zero values never contain a negative sign.
|
||
|
||
- XML:
|
||
. utf8_encode() and utf8_decode() have been moved to the Standard extension
|
||
as string functions.
|
||
|
||
========================================
|
||
6. New Functions
|
||
========================================
|
||
|
||
- Core:
|
||
. Added stream_isatty().
|
||
. Added sapi_windows_vt100_support().
|
||
|
||
- DOM:
|
||
. DomNodeList implements Countable, added DomNodeList::count().
|
||
. DOMNamedNodeMap implements Countable, added DOMNamedNodeMap::count().
|
||
|
||
- FTP:
|
||
. Added ftp_append().
|
||
|
||
- GD:
|
||
. Added imagesetclip() and imagegetclip().
|
||
. Added imageopenpolygon().
|
||
. Added imageresolution().
|
||
. Added imagecreatefrombmp() and imagebmp().
|
||
|
||
- Hash:
|
||
. Added hash_hmac_algos().
|
||
|
||
- Mbstring:
|
||
. Added mb_chr() and mb_ord().
|
||
. Added mb_scrub() that scrubs broken multibyte strings.
|
||
|
||
- OCI8:
|
||
. Added oci_register_taf_callback() and oci_unregister_taf_callback() for
|
||
Oracle Database TAF callback support.
|
||
|
||
- Sockets:
|
||
. Added socket_addrinfo_lookup(), socket_addrinfo_connect(),
|
||
socket_addrinfo_bind() and socket_addrinfo_explain().
|
||
|
||
- SPL:
|
||
. Added spl_object_id().
|
||
|
||
========================================
|
||
7. New Classes and Interfaces
|
||
========================================
|
||
|
||
========================================
|
||
8. Removed Extensions and SAPIs
|
||
========================================
|
||
|
||
- Mcrypt:
|
||
. The deprecated mcrypt extension has been moved to PECL.
|
||
. libmcrypt has not been maintained since 2007 and the continued use of this
|
||
extension is strongly discouraged.
|
||
. Users are advised to use alternatives such as OpenSSL or libsodium.
|
||
|
||
========================================
|
||
9. Other Changes to Extensions
|
||
========================================
|
||
|
||
- EXIF:
|
||
. Added extended exif tag support for the following formats:
|
||
Samsung, DJI, Panasonic, Sony, Pentax, Minolta, Sigma/Foveon,
|
||
AGFA, Kyocera, Ricoh & Epson.
|
||
. exif_read_data() and exif_thumbnail() now supports a passed streams as their
|
||
first parameter.
|
||
|
||
- GD:
|
||
. Removed --enable-gd-native-ttf configuration option which was unused as
|
||
of PHP 5.5.0 anyway.
|
||
. imagegd() stores truecolor images as real truecolor images. Formerly, they
|
||
have been converted to palette.
|
||
. imageantialias() is now also available if compiled with a system libgd.
|
||
|
||
- Mbstring
|
||
. mb_check_encoding() accepts array parameter. Both key and value
|
||
encodings are checked recursively.
|
||
. mb_convert_encoding() accepts array parameter. Only value encodings
|
||
are converted recursively.
|
||
|
||
- PDO_OCI:
|
||
. The '--with-pdo-oci' configure syntax no longer needs the vesion number of the
|
||
Oracle Instant Client.
|
||
|
||
- pdo_sqlite
|
||
. Use sqlite3_prepare_v2() and sqlite3_close_v2() functions instead of their
|
||
legacy counterparts.
|
||
|
||
========================================
|
||
10. New Global Constants
|
||
========================================
|
||
|
||
- Core:
|
||
. PHP_FLOAT_DIG number of decimal digits, that can be rounded into a
|
||
float and back without precision loss
|
||
. PHP_FLOAT_EPSILON smallest representable positive number x, so then
|
||
x + 1.0 != 1.0
|
||
. PHP_FLOAT_MIN min representable float number
|
||
. PHP_FLOAT_MAX max representable float number
|
||
. PHP_OS_FAMILY current operating system family
|
||
|
||
- Fileinfo:
|
||
. FILEINFO_EXTENSION include list of possible file extensions
|
||
|
||
- GD:
|
||
. IMG_EFFECT_MULTIPLY
|
||
. IMG_BMP
|
||
|
||
- PCRE
|
||
. PREG_UNMATCHED_AS_NULL
|
||
|
||
- Standard:
|
||
. PASSWORD_ARGON2_DEFAULT_MEMORY_COST
|
||
. PASSWORD_ARGON2_DEFAULT_TIME_COST
|
||
. PASSWORD_ARGON2_DEFAULT_THREADS
|
||
. PASSWORD_ARGON2I
|
||
|
||
========================================
|
||
11. Changes to INI File Handling
|
||
========================================
|
||
|
||
- sql.safe_mode
|
||
. This INI directive has been removed.
|
||
|
||
- realpath_cache_size
|
||
. Set to 4096k by default
|
||
|
||
- opcache.fast_shutdown
|
||
. This INI directive has been removed. A variant of the fast_shutdown
|
||
process has been integrated into PHP core and is always enabled for
|
||
production builds if possible.
|
||
|
||
========================================
|
||
12. Windows Support
|
||
========================================
|
||
|
||
- Support for VT100 console mode
|
||
|
||
On systems starting with 10.0.10586, cmd.exe supports ANSI escape sequences.
|
||
The corresponding console mode is enabled by default on CLI on suitable
|
||
systems. As well, the function sapi_windows_vt100_support() is provided,
|
||
to control and query the corresponding information in the scripts.
|
||
|
||
========================================
|
||
13. Other Changes
|
||
========================================
|
||
|
||
- Build system
|
||
|
||
Autoconf minimal version is now 2.64.
|