See #80828 and the internals@ mailing list discussion at
https://externals.io/message/116543
Use libavifinfo's AvifInfoGetFeaturesStream() in php_handle_avif() to
get the width, height, bit depth and channel count from an AVIF
payload. Implement stream reading/skipping functions and data struct.
Use libavifinfo's AvifInfoIdentifyStream() in php_is_image_avif().
Update the expected features read from "test1pix.avif" in
getimagesize.phpt.
Closes GH-7711.
Most notably, this affects some Windows specific error messages, which
are no longer in the default language of the system, to better match
error messages provided by PHP which are not localized anyway.
This also affects the com_dotnet extension, where it could fix some
DCOM related issues. Furthermore, the constant `LOCALE_NEUTRAL` is
added, which can be used for `variant_cmp()`.
Closes GH-7613.
The purpose of mbstring is for working with Unicode and legacy text
encodings; but Base64, QPrint, etc. are not text encodings and don't
really belong in mbstring. PHP already contains separate implementations
of Base64, QPrint, and HTML entities. It will be better to eventually
remove these non-encodings from mbstring.
Regarding HTML entities... there is a bit more to say. mbstring's
implementation of HTML entities is different from the other built-in
implementation (htmlspecialchars and htmlentities). Those functions
convert <, >, and & to HTML entities, but mbstring does not.
It appears that the original author of mbstring intended for something
to be done with <, >, and &. He used a table to identify which
characters should be converted to HTML entities, and </>/& all have a
special value in that table. However, nothing ever checks for that
special value, so the characters are passed through unconverted.
This seems like a very useless implementation of HTML entities. The most
important characters which need to be expressed as entities in HTML
documents are those three!
This deprecates all callables that are accepted by
call_user_func($callable) but not by $callable(). In particular:
"self::method"
"parent::method"
"static::method"
["self", "method"]
["parent", "method"]
["static", "method"]
["Foo", "Bar::method"]
[new Foo, "Bar::method"]
RFC: https://wiki.php.net/rfc/deprecate_partially_supported_callables
Closes GH-7446.
Since Curl 7.72.0, it supports a new parameter
called `CURLINFO_EFFECTIVE_METHOD`, which returns the effect method
in HTTP(s) requests. This is similar to `CURLINFO_EFFECTIVE_URL`.
- https://curl.se/libcurl/c/CURLINFO_EFFECTIVE_METHOD.html
This adds support for CURLINFO_EFFECTIVE_URL if ext/curl is built
with libcurl >= 7.72.0 (0x074800).
Closes GH-7595.
public function clearError(): void {}
public function getStreamIndex(int $index, int $flags = 0) {}
public function getStreamName(string $name, int $flags = 0) {}
ZipArchive::getStream is kept for BC
See https://github.com/pierrejoye/php_zip/issues/20
This reverts commit ac34648cf6.
As pointed out on GH-6783, the new format doesn't match any of
the specified formats. Previously the constant generated
Thursday, 14-Jul-2005 22:30:41 BST
which is obsolete. Now it generates
Thu, 14-Jul-2005 22:30:41 BST
which is not specified at all. The correct version would be:
Thu, 14 Jul 2005 22:30:41 BST
Reverting the change for now.
Switch default cipher for openssl_pkcs7_encrypt() and
openssl_cms_encrypt() from RC2-40 to AES-128-CBC.
The RC2-40 cipher is considered insecure and is not loaded by
default in OpenSSL 3, which means that these functions will
always fail with default arguments.
As the used algorithm is embedded in the result (which makes this
different from the openssl_encrypt() case) changing the default
algorithm should be safe.
Closes GH-7357.
Propagating lossless conversion from libgd to our bundled gd.
Changing "quantization" to "quality" as in libgd.
Adding test.
IMG_WEBP_LOSSLESS is only defined, if lossless WebP encoding is
supported by the libgd used.
Closes GH-7348.
All other private keys are exported in PKCS#8 format, while EC
keys use traditional format. Switch them to use PKCS#8 format as
well.
As the OpenSSL docs say:
> PEM_write_bio_PrivateKey_traditional() writes out a private key
> in the "traditional" format with a simple private key marker and
> should only be used for compatibility with legacy programs.
Add support for readonly properties, for which only a single
initializing assignment from the declaring scope is allowed.
RFC: https://wiki.php.net/rfc/readonly_properties_v2
Closes GH-7089.
Deprecate automatically converting "false" into an empty array
on write operands. Autovivification continues to be supported
for "null" values, as well as undefined/uninitialized values.
RFC: https://wiki.php.net/rfc/autovivification_false
Closes GH-7131.
Co-authored-by: Tyson Andre <tysonandre775@hotmail.com>
Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
Support acquiring a Closure to a callable using the syntax
func(...), $obj->method(...), etc. This is essentially a
shortcut for Closure::fromCallable().
RFC: https://wiki.php.net/rfc/first_class_callable_syntax
Closes GH-7019.
Co-Authored-By: Nikita Popov <nikita.ppv@gmail.com>
These are deprecated in favor of date()/DateTime::format() (for
locale-indendent formatting) and IntlDateFormatter::format()
(for locale-dependent formatting).
Part of https://wiki.php.net/rfc/deprecations_php_8_1.
Instead use ssl stream context options instead. The direct
equivalent would be crypto_method, but min_proto_version /
max_proto_version are recommended instead.
Part of https://wiki.php.net/rfc/deprecations_php_8_1.
Add support for new expressions inside parameter default values,
static variable initializers, global constant initializers and
attribute arguments.
RFC: https://wiki.php.net/rfc/new_in_initializers
Closes GH-7153.
There's a subtlety here regarding filter.default_flags. The RFC
stated that no separate deprecation warning will be emitted for
it, on the premise that it is only meaningful if filter.default
is set. However, it turns out that even FILTER_UNSAFE_RAW (which
is the "no-op filter") can be combined with stripping flags.
However, this is compensated by the fact that this doesn't actually
work when setting filter.default=unsafe_raw and non-default
filter.default_flags -- the flags are simply ignored in that case.
So everything works out in the end.
Part of https://wiki.php.net/rfc/deprecations_php_8_1.
The DB connection should be provided in all cases as the first argument.
The overloaded function signatures will be removed in the future.
Warn about this change.
Part of https://wiki.php.net/rfc/deprecations_php_8_1.
Static trait members may only be accessed through a class in which
the trait is used, not directly on the trait.
A complication here is that we should not store static
methods/properties for which a deprecation is triggered in a
cache slot. As the check for this is simple and cheap, I'm handling
this in the cache slot population code in the VM. The alternative
would be to pass the cache slot down into the fetching code.
Part of https://wiki.php.net/rfc/deprecations_php_8_1.
