php-src/UPGRADING

PHP 7.4 UPGRADE NOTES

1. Backward Incompatible Changes
2. New Features
3. Changes in SAPI modules
4. Deprecated Functionality
5. Changed Functions
6. New Functions
7. New Classes and Interfaces
8. Removed Extensions and SAPIs
9. Other Changes to Extensions
10. New Global Constants
11. Changes to INI File Handling
12. Windows Support
12. Migration to pkg-config
14. Other Changes
15. Performance Improvements


========================================
1. Backward Incompatible Changes
========================================

- Core:
  . Referencing parent:: inside a class that does not have a parent will now
    generate a compile-time error. Previously the error was only emitted at
    run-time.

- Curl:
  . Attempting to serialize a CURLFile class will now generate an exception.
    Previously the exception was only thrown on unserialization.

- Date:
  . Calling var_dump() or similar on a DateTime(Immutable) instance will no
    longer leave behind accessible properties on the object.

- Intl:
  . The default parameter value of idn_to_ascii() and idn_to_utf8() is now
    INTL_IDNA_VARIANT_UTS46 instead of the deprecated INTL_IDNA_VARIANT_2003.

- Openssl:
  . The openssl_random_pseudo_bytes() function will now throw an exception in
    error situations, similar to random_bytes(). In particular, an Error is
    thrown if the number of requested bytes is smaller *or equal* than zero,
    and an Exception is thrown is sufficient randomness cannot be gathered.
    The $crypto_strong output argument is guaranteed to always be true if the
    function does not throw, so explicitly checking it is not necessary.
    RFC: http://php.net/manual/de/function.openssl-random-pseudo-bytes.php

- PDO:
  . Attempting to serialize a PDO or PDOStatement instance will now generate
    an Exception rather than a PDOException, consistent with other internal
    classes which do not support serialization.

- Reflection:
  . Reflection objects will now generate an exception if an attempt is made
    to serialize them. Serialization for reflection objects was never
    supported and resulted in corrupted reflection objects. It has been
    explicitly prohibited now.

- SPL:
  . Calling get_object_vars() on an ArrayObject instance will now always return
    the properties of the ArrayObject itself (or a subclass). Previously it
    returned the values of the wrapped array/object unless the STD_PROP_LIST
    flag was specified. Other affected operations are:

     * ReflectionObject::getProperties()
     * reset(), current(), etc. Use Iterator methods instead.
     * Potentially others working on object properties as a list.

    (array) casts are *not* affected. They will continue to return either the
    wrapped array, or the ArrayObject properties, depending on whether the
    STD_PROP_LIST flag is used.
  . SplPriorityQueue::setExtractFlags() will throw an exception if zero is
    passed. Previously this would generate a recoverable fatal error on the
    next extraction operation.

========================================
2. New Features
========================================

- Core:
  . Added support for typed properties. For example:

        class User {
            public int $id;
            public string $name;
        }

    This will enforce that $user->id can only be assigned integer and
    $user->name can only be assigned strings. For more information see the
    RFC: https://wiki.php.net/rfc/typed_properties_v2
  . Added support for coalesce assign (??=) operator. For example:

        $array['key'] ??= computeDefault();
        // is roughly equivalent to
        if (!isset($array['key'])) {
            $array['key'] = computeDefault();
        }

    RFC: https://wiki.php.net/rfc/null_coalesce_equal_operator

- FFI:
  . A new extension which provides a simple way to call native functions, access
    native variables and create/access data structures defined in C libraries.
    RFC: https://wiki.php.net/rfc/ffi

- OPcache:
  . Support for preloading code has been added.
    RFC: https://wiki.php.net/rfc/preload

- PDO_OCI:
  . PDOStatement::getColumnMeta() is now available

- PDO_SQLite:
  . PDOStatement::getAttribute(PDO::SQLITE_ATTR_READONLY_STATEMENT) allows to
    check whether this statement is read-only, i.e. whether it doesn't modify
    the database.

========================================
3. Changes in SAPI modules
========================================

========================================
4. Deprecated Functionality
========================================

- Core:
  . Unbinding $this of a non-static method through a combination of
    ReflectionMethod::getClosure() and closure rebinding is deprecated. Doing
    so is equivalent to calling a non-static method statically, which has been
    deprecated since PHP 7.0.

========================================
5. Changed Functions
========================================

- SPL:
  . SplFileObject::fputcsv(), ::fgetcsv() and ::setCsvControl() now accept an
    empty string as $escape argument, which disables the propriertary PHP
    escaping mechanism. SplFileObject::getCsvControl() now may also return an
    empty string for the third array element, accordingly.

- Standard:
  . fputcsv() and fgetcsv() now accept an empty string as $escape argument,
    which disables the propriertary PHP escaping mechanism. The behavior of
    str_getcsv() has been adjusted accordingly (formerly, an empty string was
    identical to using the default).

========================================
6. New Functions
========================================

- OpenSSL:
  . Added openssl_x509_verify(mixed cert, mixed key) function that verifies the
    signature of the certificate using a public key. A wrapper around the
    OpenSSL's X509_verify() function.
    See <https://github.com/php/php-src/pull/3624>.

- SQLite3:
  . Added SQLite3Stmt::getSQL() to retrieve the SQL of the statement. If TRUE is
    passed as parameter, query parameters will be replaced in the return value
    by their currently bound value, if libsqlite ≥ 3.14 is used.

========================================
7. New Classes and Interfaces
========================================

========================================
8. Removed Extensions and SAPIs
========================================

========================================
9. Other Changes to Extensions
========================================

- GD:
  . The behavior of imagecropauto() in the bundled libgd has been synced with
    that of system libgd:
     * IMG_CROP_DEFAULT is no longer falling back to IMG_CROP_SIDES
     * Threshold-cropping now uses the algorithm of system libgd
  . The default $mode parameter of imagecropauto() has been changed to
    IMG_CROP_DEFAULT; passing -1 is now deprecated.
  . imagescale() now supports aspect ratio preserving scaling to a fixed height
    by passing -1 as $new_width.

- Hash:
  . The hash extension cannot be disabled anymore and is always an integral
    part of any PHP build, similar to the date extension.

- Intl:
  . The Intl extension now requires at least ICU 50.1.

- Libxml:
  . All libxml based extensions now require libxml 2.7.6 or newer.

- Reflection:
  . Numeric value of class, property, function and constant modifiers was
    changed. Don't filter methods and properties through
    ReflectionClass::getMethods() and ReflectionClass::getProperties(), or test
    results of Reflection...::getModifiers(), using hard-coded numeric values.
    Use corresponding constants instead (e.g. ReflectionMethod::IS_PUBLIC).

- SQLite3:
  . The bundled libsqlite has been removed.  To build the SQLite3 extension
    a system libsqlite3 ≥ 3.7.4 is now required. To build the PDO_SQLite
    extension a system libsqlite3 ≥ 3.5.0 is now required.
  . (Un)serialization of SQLite3, SQLite3Stmt and SQLite3Result is now explicitly
    forbidden. Formerly, serialization of instances of these classes was
    possible, but unserialization yielded unusable objects.
  . The @param notation can now also be used to denote SQL query parameters.

- Zip:
  . The bundled libzip library has been removed. A system libzip >= 0.11 is now
    necessary to build the extension.

========================================
10. New Global Constants
========================================

- Tidy:
  . TIDY_TAG_ARTICLE
  . TIDY_TAG_ASIDE
  . TIDY_TAG_AUDIO
  . TIDY_TAG_BDI
  . TIDY_TAG_CANVAS
  . TIDY_TAG_COMMAND
  . TIDY_TAG_DATALIST
  . TIDY_TAG_DETAILS
  . TIDY_TAG_DIALOG
  . TIDY_TAG_FIGCAPTION
  . TIDY_TAG_FIGURE
  . TIDY_TAG_FOOTER
  . TIDY_TAG_HEADER
  . TIDY_TAG_HGROUP
  . TIDY_TAG_MAIN
  . TIDY_TAG_MARK
  . TIDY_TAG_MENUITEM
  . TIDY_TAG_METER
  . TIDY_TAG_NAV
  . TIDY_TAG_OUTPUT
  . TIDY_TAG_PROGRESS
  . TIDY_TAG_SECTION
  . TIDY_TAG_SOURCE
  . TIDY_TAG_SUMMARY
  . TIDY_TAG_TEMPLATE
  . TIDY_TAG_TIME
  . TIDY_TAG_TRACK
  . TIDY_TAG_VIDEO

========================================
11. Changes to INI File Handling
========================================

========================================
12. Windows Support
========================================

- stat:
  . The stat implementation has been refactored.
    - An inode number is delivered and is based on the NTFS file index.
    - The device number is now based on the volume serial number.

  Note, that both values derived from the system and provided as is on 64-bit
  systems. On 32-bit system, these values might overflow the 32-bit integer in
  PHP, so they're a fake.

========================================
13. Migration to pkg-config
========================================

A number of extensions have been migrated to exclusively use pkg-config for
the detection of library dependencies. Generally, this means that instead of
using --with-foo-dir=DIR or similar only --with-foo is used. Custom library
paths can be specified either by adding additional directories to
PKG_CONFIG_PATH or by explicitly specifying compilation options through
FOO_CFLAGS and FOO_LIBS.

The following extensions are affected:

- Curl:
  . --with-curl no longer accepts a directory.

- Intl:
  . --with-icu-dir has been removed. If --enable-intl is passed, then libicu is
    always required.

- OpenSSL:
  . --with-openssl no longer accepts a directory.

- PCRE:
  . --with-pcre-regex has been removed. Instead --with-external-pcre is provided
    to opt into using an external PCRE library, rather than the bundled one.

- GD:
  . --with-gd becomes --enable-gd (whether to enable the extension at all) and
    --with-external-gd (to opt into using an external libgd, rather than the
    bundled one).
  . --with-png-dir has been removed. libpng is required.
  . --with-zlib-dir has been removed. zlib is required.
  . --with-freetype-dir becomes --with-freetype.
  . --with-jpeg-dir becomes --with-jpeg.
  . --with-webp-dir becomes --with-webp.
  . --with-xpm-dir becomes --with-xpm.

========================================
14. Other Changes
========================================

========================================
15. Performance Improvements
========================================

- Core:
  . A specialized VM opcode for the array_key_exists() function has been added,
    which improves performance of this function if it can be statically
    resolved. In namespaced code, this may require writing \array_key_exists()
    or explicitly importing the function.