Besides the common `:param` notation to designate named parameters in
prepared statements, SQLite3 also supports `@param` and `$param`.
While the latter is mostly to support the Tcl programming language, and
would be confusing for PHP's sqlite3 binding due to the similarity with
string interpolation, the former is common under .NET and raises no
such issue. Therefore we add support for it.
This patch has been developed in cooperation with @BohwaZ.
It is possible to pass flags when opening an SQLite database. For
Sqlite < 3.5.0 these are ignored, since `sqlite3_open` doesn't support
flags. Neither a warning or notice is raised in this case, nor is this
behavior documented in the PHP manual. Instead of fixing it either
way, we lift the requirement to SQLite 3.5.0 (released on 2007-09-04)
instead of the former SQLite 3.3.9 (released on 2007-01-04).
Static calls to non-static methods have been fully deprecated in
PHP 7.0 as part of https://wiki.php.net/rfc/reclassify_e_strict.
A combination of ReflectionMethod::getClosure() ("fake closures")
and Closure::bindTo() etc can be used to achieve the same behavior.
This commit ensures that a deprecation notice will be thrown also
in this case.
Some INI processors allow to specify empty values by just giving the
key without the equals sign, for instance MySQL and Python. It appears
to be sensible to add this possibility to our INI parser, so that it
can be used for such INI files as well. We choose NULL as the value of
empty values.
This syntactical enhancement is a (minor) BC break, though, as can be
seen by the necessary change to bug49692.ini. The “comment” formerly
has been simply ignored, but now it would be parsed as key with an
empty value.
This PR is based on Adam's former patch.
According to the “Deprecate and remove INTL_IDNA_VARIANT_2003” RFC[1],
we change the default of the $variant parameter of `idn_to_ascii()` and
`idn_to_utf8()` from `INTL_IDNA_VARIANT_2003` to
`INTL_IDNA_VARIANT_UTS46`.
[1] <https://wiki.php.net/rfc/deprecate-and-remove-intl_idna_variant_2003>
Given that ICU is a set of lively developed libraries, that ICU 50.1
has been released on 2012-11-05, and PHP 7.4 is scheduled to be
released seven years after it, we consider it appropriate to ditch
these legacy versions.
Particularly, that would be a reasonable groundwork to implement part
two of the “Deprecate and remove INTL_IDNA_VARIANT_2003” RFC[1], namely
to default idn_to_ascii()'s and idn_to_utf8()'s $variant parameter to
INTL_IDNA_VARIANT_UTS46, which is not defined in ICU < 4.6.
See also the related discussion on internals@[2].
[1] <https://wiki.php.net/rfc/deprecate-and-remove-intl_idna_variant_2003>
[2] <http://news.php.net/php.internals/101626>ff
Before this change, var_export()'s output for stdClass objects calls
the non-existent stdClass::__set_state method, and is therefore useless.
This commit makes var_export() output an (object) cast from an array
instead, which when evaluated, will produce a stdClass object. Other
classes see unchanged output.
The IPv6 IP of a socket is provided by inet_ntop() as a string, but
this function doesn't enclose the IP in brackets. This patch adds
them in the php_network_populate_name_from_sockaddr() function.
Don't automatically convert literal string keys to integers on
array access, as we may be dealing with an ArrayAccess object,
rather than a plain array.
The upgrade to PCRE2 should mostly be transparent to existing code, but
apparently there are some minor differences, which warrant a note in
UPGRADING (and consequently, in the migration guide).
In PHP static properties are shared between inheriting classes,
unless they are explicitly overwritten. However, because this
functionality was implemented using reference, it was possible
to break the implementation by reassigning the static property
reference.
This is fixed by switching the implementation from using references
to using INDIRECTs, which cannot be affected by userland code.
The sole purpose of `PHPDBG_FILE`, `PHPDBG_METHOD`, `PHPDBG_LINENO` and
`PHPDBG_FUNC` has been to be passed as first argument to `phpdbg_break`.
However, this functions is replaced as of PHP 5.6.3 by
`phpdbg_break_file`, `phpdbg_break_method` and 'phpdbg_break_func`,
respectively. Therefore, we're finally removing the useless constants.
- m4 and Windows configure scripts now forces Argon2 reference library version >= 20161029
- Implementation tested against 20161029 and 20171227 for Argon2id support
- Updates Argon2 ext/standard/password/tests to run tests for both Argon2i and Argon2id
I've introduced a new CompileError type, from which ParseError
inherits. These errors are not parse errors in the narrow sense
of the term, even though they happen to be generated during
parsing in our implementation. Additionally reusing the ParseError
class for this purpose would change existing error messages (if
the exception is not caught) from a "Fatal error:" to a "Parse
error:" prefix, and also the error kind from E_COMPILE_ERROR to
E_PARSE.
According to https://wiki.php.net/rfc/image2wbmp, we deprecate
`image2wbmp()`, rename the `$threshold` parameter to `$foreground`, and
remove superfluous code.
RFC: https://wiki.php.net/rfc/flexible_heredoc_nowdoc_syntaxes
* The ending label no longer has to be followed by a semicolon or
newline. Any non-label character is fine.
* The ending label may be indented. The indentation will be stripped
from all lines in the heredoc/nowdoc string.
Lexing of heredoc strings performs a scan-ahead to determine the
indentation of the ending label, so that the correct amount of
indentation can be removed when calculting the semantic values for
use by the parser. This makes the implementation quite a bit more
complicated than we would like :/
A set of hard-coded thousand separator characters (presently, `',.`) is
somewhat limited (users may prefer other separators, such as spaces or
underscores), as well as somewhat too liberal (arbitrary combinations
of different thousand separators are presently possible). Therefore we
introduce a `thousand` option analogous to `decimal`, which allows to
define the desired thousand separators as non-empty string, defaulting
to `',.`. While we easily could support empty strings here as well,
that would not make much sense, since this behavior can more easily be
accomplished by not setting the `FILTER_FLAG_ALLOW_THOUSAND` flag in
the first place.
The existence of the following functions is now guaranteed:
* curl_escape()
* curl_unescape()
* curl_multi_setopt()
libcurl 7.15.5 has been released 11.5 years ago and is available
even in RHEL 5.
This reverts commit c3717d9aec.
The final mitigation of the consequences with spectre should be
discussed more also with the regard to the happenings on the
developments. Right now a preliminary mitigation might be wrong or
suboptimal, thus reverting this.
The recently discovered security flaw Spectre requires a high resolution
timer. To the today's knowledge, PHP can't be used to create an attack for
this flaw. Still some concerns were raised, that there might be impact in
shared hosting environments. This patch adds a possibility to reduce the
timer resolution by an ini setting, thus giving administrators full
control. Especially, as the flaw was also demonstrated by an abuse of
the JS engine in a browser, Firefox reduced several time sources to 20us.
Any programming language, that doesn't compile to JIT, won't be able to
produce an attack vector for Meltdown and Spectre, at least by todays
knowledge. There are also other factors that say that the security
concern on the hrtime feature is to the big part not justified, still we
aim JIT in the future. Thus, adding a possibility to control the timer
resolution is a good and small enough tradeoff for safety and future.
convert_scalar_to_number() will now call cast_object() with an
_IS_NUMBER argument, in which case the cast handler should return
either an integer or floating point number, whichever is more
appropriate.
Previously convert_scalar_to_number() unconditionally converted
objects to integers instead.
Fixes bug #53033.
Fixes bug #54973.
Fixes bug #73108.
The existence of the following functions is now guaranteed:
* curl_reset()
* curl_strerror()
* curl_multi_strerror()
* curl_share_strerror()
libcurl 7.12.1 has been released more than 13 years ago and is
available even in RHEL 4.
This change may result in different mt_rand/rand sequences being
generated on 64-bit systems for a specific seed.
See also https://externals.io/message/100229.
This patch however does not drop support for the BeOS compatible variant, Haiku, see Github PR #2697 which is currently a WiP
I intentionally left out some fragments for BeOS in the build system for that seems to be bundles
It no longer includes a way to generate XML documentation (the PHP documentation utilities already got tools for that in svn under phpdoc/doc-base) and it no longer support function stubs.
$ php ext_skel.php --help
php ext_skel.php --ext=<name> [--experimental] [--author=<name>]
[--dir=<path>] [--std] [--onlyunix]
[--onlywindows] [--help]
--ext=<name> The name of the extension defined as <name>
--experimental Passed if this extension is experimental, this creates
the EXPERIMENTAL file in the root of the extension
--author=<name> Your name, this is used if --header is passed and
for the CREDITS file
--dir=<path> Path to the directory for where extension should be
created. Defaults to the directory of where this script
lives
--std If passed, the standard header and vim rules footer used
in extensions that is included in the core, will be used
--onlyunix Only generate configure scripts for Unix
--onlywindows Only generate configure scripts for Windows
--help This help
Example usage:
$ php ext_skel.php --ext test --std --experimental
$ php ext_skel.php --ext kalle --author "Kalle Sommer Nielsen"
$ php ext_skel.php --ext phpfi --dir "/home/kalle/dev/" --onlyunix
* pull-request/2528:
Change flags to use SQLITE3_OPEN_READ* constants instead of a fake-boolean, add tests on errors
Implement writing to BLOBs in SQLite3
bcmod() no longer truncates fractionals to integers. This matches
the behavior of fmod(). It also matches the behavior of bcpowmod().
It also matches the behavior of bcmod() in HHVM.
We add PHP bindings for libgd's features to read and write BMP files, which
are available as of libgd 2.1.0.
As PHP's bundled libgd doesn't yet include the respective features of the
external libgd, we add these.
If this does not break the Unix system somehow, I'll be amazed. This should get most of it out, apologies for any errors this may cause on non-Windows ends which I cannot test atm.
The core implementation details are described in win32/nice.c for values sent to proc_nice(), these can however be discussed to maybe comply with those of wmic, Anatol, thoughts?
The test supplied uses wmic for testing the functionality, it could potentially fail on systems where either wmic is not available or the system language is not english (as Microsoft tends to translate even CLI programs).
We add WebP support for getimagesize(), getimagesizefromstring)(),
image_type_to_extension() and image_type_to_mime_type(). For now we
care only about the simple lossy WebP format (VP8) and ignore the
lossless (VP8L) and extended (VP8X) formats. We use image/webp as MIME
type as it appears to be pretty common, even though it is not yet
registered with IANA.
Relevant specifications:
* <https://developers.google.com/speed/webp/docs/riff_container>
* <https://tools.ietf.org/html/rfc6386>
gdLayerMultiply() has been introduced in libgd 2.1.1, and as such would have
been already available for imagelayereffect() with a system libgd. We port
the respective code to the bundled libgd, and also make IMG_EFFECT_MULTIPLY
available to userland.
Instead of rolling our own in the bundled libgd, we use libgd's anti-aliased
drawing API. This way imageantialias() is also available, when built against
a system libgd.
Otherwise we're missing the "expected to be a reference, value
given" warning that appears for ordinary calls to call_user_func().
Also update an UPGRADING note with recent changes wrt
call_user_func().
The GD image format is able to handle truecolor images as of libgd 2.0.12
(<https://github.com/libgd/libgd/blob/gd-2.2.3/src/gd_gd.c#L31-L33>).
Therefore we don't need the potentially lossy and time consuming palette
conversion.
This way, imagegd() can also be used to export raw truecolor image data.
This is one of the last old and odd deprecated settings we still have in PHP, it was never fully implemented in all the database extensions and should probably have been gone back in 5.4, along with safe_mode. Although if my memory strikes me right, mysql was also supporting it back then, but not mysqli.
So far only interbase was supporting this feature, and the removal of it causes two effects for interbase:
- CREATE DATABASE is now allowed no matter
- The default database set by php.ini (ibase.default_db) is no longer forced
http://php.net/ini.core#ini.sql.safe-mode
We don't want ReflectionMethod::invoke() to simply ignore its first argument,
if the method to invoke is a static method. Instead we match its ZPP with
that of ReflectionMethod::invokeArgs(). Furthermore, we apply the DRY
principle by factoring out the code to a common helper function to prevent
inadvertent future divergence of the implementations of both methods.
As can be seen from the necessity to adapt some test cases, this causes a
BC break for some pathological cases. Therefore we apply this patch to PHP
7.1 only, which is still in beta phase.
* rng-fixes:
Fix legacy mode RAND_RANGE and 32/64-bit consistency
Fix crypt salt not being converted to b64
Make mode selection part of mt_srand()
Use zend_bitset
Improve array_rand distribution
Fix some insecure usages of php_rand
Alias rand to mt_rand
Fix RAND_RANGE for mt_rand
Fix mt_rand impl. Provide legacy impl. access.
Split rand and mt_rand into separate files
