Fix folding for the new helper method.
Clarify comment in UPGRADING:
The performance on associative arrays would also improve,
as long as no offsets were unset (no gaps).
Packed arrays can have gaps.
Closes GH-4873.
[ci skip]
If the offset is 100000, and there are no gaps in the packed/unpacked array,
then advance the pointer once by 100000,
instead of looping and skipping 100000 times.
Add a new test of array_slice handling unset offsets.
Closes GH-4860.
Add deprecated _ZendTestClass::__toString() method to preserve
an existing test.
ReflectionType::__toString() will now return a complete
representation of the type, as it should have originally. Users
that relied on nullability being absent should have been pushed
to ReflectionNamedType::getName() by the deprecation of
ReflectionType::__toString() in PHP 7.1 / PHP 7.4.
The fdiv() function is part of the fmod() / intdiv() family. It
implements a floating-point division with IEEE-754 semantics.
That is, division by zero is considered well-defined and does not
trigger any kind of diagnostic. Instead one of INF, -INF or NAN
will be returned, depending on the case.
This is in preparation for throwing DivisionByZeroError from the
standard division operator.
This removes object auto-vivification support.
This also means that we can remove the corresponding special
handling for typed properites: We no longer need to check that a
property is convertible to stdClass if such a conversion might
take place indirectly due to a nested property write.
Additionally OBJ_W style operations now no longer modify the
object operand, and as such we no longer need to treat op1 as a
def in SSA form.
The next step would be to actually compile the whole LHS of OBJ_W
operations in R rather than W mode, but that causes issues with
SimpleXML, whose object handlers depend on the current compilation
structure.
Part of https://wiki.php.net/rfc/engine_warnings.
While we generally prefer objects over resources for quite a while, the
procedural XMLWriter API still uses resources, although there is
already an object-oriented API which uses objects. This dichotomy
makes no sense, slightly complicates the implementation, and doesn't
allow a stepwise migration to the object-oriented API, which might be
desired. Thus we completely drop the XMLWriter resources in favor of
XMLWriter objects.
We consider the minor BC break acceptable for a major version, since
only explicit type checks (`is_resource()`, `gettype()` etc.) need to
be adapted.
The AI_IDN_ALLOW_UNASSIGNED and AI_IDN_USE_STD3_ASCII_RULES have
been deprecated by glibcs, and PHP 7.4 follows this deprecation.
This removes the offending flags for PHP 8.0.
Due to former restrictions of the libcurl API, curl multipart/formdata
file uploads supported only proper files. However, as of curl 7.56.0
the new `curl_mime_*()` API is available (and already supported by
PHP[1]), which allows us to support arbitrary *seekable* streams, which
is generally desirable, and particularly resolves issues with the
transparent Unicode and long part support on Windows (see bug #77711).
Note that older curl versions are still supported, but CURLFile is
still restricted to proper files in this case.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=a83b68ba56714bfa06737a61af795460caa4a105>
Arbitrary DateInterval objects don't have well-defined comparison
semantics. Throw a warning and treat the objects as uncomparable.
Support for comparing DateInterval objects returned by
DateTime::diff() may be added in the future.
Use an XmlParser object instead of a resource. This is an internal
representation change, not a conversion to OO APIs. XmlParser objects
cannot be explicitly constructed, they are created through the usual
xml_parser_* APIs.
This change allows us to provide a proper get_gc() implementation,
thus resolving bugs #72793 and #76874.
xml_parser_free() is a no-op now and need not be called anymore.
php_filter_int (called via the constant FILTER_VALIDATE_INT) has the options min_range
and max_range. they allow the user to not only test if a value is a double but also if
the value is inside a specific range. php_filter_float (called via the constant
FILTER_VALIDATE_FLOAT) didn't provide this yet, making validation of numeric but
not-only-int values more complicated for the user.
this commits implements the options min_range and max_range for the function
php_filter_float to fix this inconsistency.
We currently have a large performance problem when implementing lexers
working on UTF-8 strings in PHP. This kind of code tends to perform a
large number of matches at different offsets on a single string. This
is generally fast. However, if /u mode is used, the full string will
be UTF-8 validated on each match. This results in quadratic runtime.
This patch fixes the issue by adding a IS_STR_VALID_UTF8 flag, which
is set when we have determined that the string is valid UTF8 and
further validation is skipped.
A limitation of this approach is that we can't set the flag for interned
strings. I think this is not a problem for this use-case which will
generally work on dynamic data. If we want to use this flag for other
purposes as well (mbstring?) then it might be worthwhile to UTF-8 validate
strings during interning. But right now this doesn't seem useful.
This variant of crc32 is heavily used by storage systems, such as iSCSI, SCTP,
Btrfs, ext4, and is increasingly being used in API (such as Google Cloud
Storage, and Apache Kafka).
This reverts commit a9e6667817.
Breakage found in the wild: Mockery uses a parent:: call in the
implementation regardless of whether the class has a parent or not:
4324afeaf9/library/Mockery/Mock.php (L600)
This change is not worth the compat break in 7.4.
This code is not compatible with PHP 7.0. The fact that nobody
complained that the mysqli embedded server functionality doesn't
build anymore seems like a strong signal that we can drop it...
Do not include unbound anonymous classes in get_declared_classes().
Note that earlier PHP versions would include the anonymous class in
get_declared_classes(), and return false until the class was bound,
but would not crash.
As of PHP 7.3.0, case-insensitive constants are deprecated. We catch
up on this with regard to ext/com_dotnet, which allows to import
constants from typelibs, by triggering a deprecation notice whenever
`com_load_typelib()` is called with `$case_sensitive` being `false`,
and whenever `com.autoregister_casesensitive` is set to `false`,
regardless of whether there are actually constants in the typelib which
would be imported.
SO_USER_COOKIE primarly to be traced via dtrace instrumentation.
If SO_USER_COOKIE is available, the rest is so the former is
two years old while the rest is from around 2008.
I'm removing the argument entirely here, but we might want to change
this to passing null or and empty array instead, if the impact of
dropping it entirely turns out to be too large.
This was deprecated as part of https://wiki.php.net/rfc/deprecations_php_7_2
as a doc-only deprecation.
I'm counting this towards the non-string needle deprecation from
https://wiki.php.net/rfc/deprecations_php_7_3. I wasn't aware that
mb_ereg_replace() is also affected by this issue. It's even more
ridiculous than usual here, because the integer is interpreted as
an ASCII codepoint, even though these are supposed to be multibyte
functions :(
Access to undefined constants will now always result in an Error
exception being thrown.
This required quite a few test changes, because there were many
buggy tests that unintentionally used bareword fallback in combination
with error suppression.
There are probably some improvements we can do to the SPL
implementation now that __autoload() is gone. In particular having
EG(autoload_func) as a property zend function, rather than a simple
callback probably doesn't make sense.
This is part of https://wiki.php.net/rfc/case_insensitive_constant_deprecation.
This commit only removes the ability to declare such constants from
userland. Before the functionality can be removed entirely, it's
necessary to figure out the handling of true/false/null first.
RFC: https://wiki.php.net/rfc/null_coalesce_equal_operator
$a ??= $b is $a ?? ($a = $b), with the difference that $a is only
evaluated once, to the degree that this is possible. In particular
in $a[foo()] ?? $b function foo() is only ever called once.
However, the variable access themselves will be reevaluated.
Formerly, a single option `--with-gd` was sufficient to enable the
extension, and to determine whether to use the system or the bundled
libgd depending on whether a directory was passed. Since pkg-config
determines the path automatically, we now offer `--enable-gd` (whether
the extension should be build) and `--with-external-gd` (whether to use
the system libgd).
RFC: https://wiki.php.net/rfc/typed_properties_v2
This is a squash of PR #3734, which is a squash of PR #3313.
Co-authored-by: Bob Weinand <bobwei9@hotmail.com>
Co-authored-by: Joe Watkins <krakjoe@php.net>
Co-authored-by: Dmitry Stogov <dmitry@zend.com>
We already detect the case where we're entirely outside a class --
now also check whether there actually is a parent.
This is a minor BC break, in that code that was never executed
might have previously contained an invalid parent:: reference without
generating an error.
Albeit CSV is still a widespread data exchange format, it has never been
officially standardized. There exists, however, the “informational” RFC
4180[1] which has no notion of escape characters, but rather defines
`escaped` as strings enclosed in double-quotes where contained
double-quotes have to be doubled. While this concept is supported by
PHP's implementation (`$enclosure`), the `$escape` sometimes interferes,
so that `fgetcsv()` is unable to correctly parse externally generated
CSV, and `fputcsv()` is sometimes generating non-compliant CSV. Since
PHP's `$escape` concept is availble for many years, we cannot drop it
for BC reasons (even though many consider it as bug). Instead we allow
to pass an empty string as `$escape` parameter to the respective
functions, which results in ignoring/omitting any escaping, and as such
is more inline with RFC 4180. It is noteworthy that this is almost no
userland BC break, since formerly most functions did not accept an empty
string, and failed in this case. The only exception was `str_getcsv()`
which did accept an empty string, and used a backslash as escape
character then (which appears to be unintended behavior, anyway).
The changed functions are `fputcsv()`, `fgetcsv()` and `str_getcsv()`,
and also the `::setCsvControl()`, `::getCsvControl()`, `::fputcsv()`,
and `::fgetcsv()` methods of `SplFileObject`.
The implementation also changes the type of the escape parameter of the
PHP_APIs `php_fgetcsv()` and `php_fputcsv()` from `char` to `int`, where
`PHP_CSV_NO_ESCAPE` means to ignore/omit escaping. The parameter
accepts the same values as `isalpha()` and friends, i.e. “the value of
which shall be representable as an `unsigned char` or shall equal the
value of the macro `EOF`. If the argument has any other value, the
behavior is undefined.” This is a subtle BC break, since the character
`chr(128)` has the value `-1` if `char` is signed, and so likely would
be confused with `EOF` when converted to `int`. We consider this BC
break to be acceptable, since it's rather unlikely that anybody uses
`chr(128)` as escape character, and it easily can be fixed by casting
all `escape` arguments to `unsigned char`.
This patch implements the feature requests 38301[2] and 51496[3].
[1] <https://tools.ietf.org/html/rfc4180>
[2] <https://bugs.php.net/bug.php?id=38301>
[3] <https://bugs.php.net/bug.php?id=51496>
The `$mode` parameter of `imagecropauto()` defaults to `-1`. However,
`-1` is changed to `GD_CROP_DEFAULT` right away, so basically the
default is `GD_CROP_DEFAULT`, which is rather confusing and
unnecessary.
Therefore, we change the default to `IMG_CROP_DEFAULT`, but still allow
an explicit `-1` to be passed for BC reasons, in which case we trigger
a deprecation notice, so we can rid the `-1` support eventually.
`GD_CROP_DEFAULT` and `GD_CROP_SIDES` are names of libgd constants, and
as such they are not relevant for userland developers. Therefore, we
replace them by the constant names of our wrapper, i.e.
`IMG_CROP_DEFAULT` and `IMG_CROP_SIDES`, respectively.
Since upstream does not appear to move in any way[1], we sync our
behavior. Even though the BC break is ugly (which is the reason we
target master only), having to deal with different algorithms is even
worse for portable userland code.
[1] <https://github.com/libgd/libgd/issues/334>
Since cropping support has been added to our bundled libgd,
`gdImageAutoCrop` differs from upstream in that `GD_CROP_DEFAULT` falls
back on `GD_CROP_SIDES` if there is no transparent color in the image.
While this difference seem to be a useful improvement in our bundled
libgd, upstream has not yet signaled that there willing to back-port
it[1], so we revert it to stay in sync with upstream.
We also remove the additional NULL bailout at the end of the function,
which doesn't appear to be relevant any longer since bug 77198 has been
fixed.
[1] <https://github.com/libgd/libgd/issues/298>
`SQLite3::readOnly()` uses `sqlite3_stmt_readonly()` which is only
available as of libsqlite 3.7.4. For older SQLite3 versions we return
always `false`, which can be confusing. Instead of sticking with this
behavior, or even undefining the method for old SQLite3 versions, we
lift the requirements to SQLite 3.7.4 (released on 2010-12-08),
according to a respective discussion[1].
Since pdo_sqlite doesn't use `sqlite3_stmt_readonly()`, we stick with
the minimum requirement of SQLite 3.5.0.
[1] <https://github.com/php/php-src/pull/3614>
Serializing `SQLite3`, `SQLite3Stmt` and `SQLite3Result` instances is
possible but pointless, since unserializing results in uninitialized
instances, which will bail out of any method call. Therefore, we deny
serialization and unserialization in the first place.
Besides the common `:param` notation to designate named parameters in
prepared statements, SQLite3 also supports `@param` and `$param`.
While the latter is mostly to support the Tcl programming language, and
would be confusing for PHP's sqlite3 binding due to the similarity with
string interpolation, the former is common under .NET and raises no
such issue. Therefore we add support for it.
This patch has been developed in cooperation with @BohwaZ.
It is possible to pass flags when opening an SQLite database. For
Sqlite < 3.5.0 these are ignored, since `sqlite3_open` doesn't support
flags. Neither a warning or notice is raised in this case, nor is this
behavior documented in the PHP manual. Instead of fixing it either
way, we lift the requirement to SQLite 3.5.0 (released on 2007-09-04)
instead of the former SQLite 3.3.9 (released on 2007-01-04).
Static calls to non-static methods have been fully deprecated in
PHP 7.0 as part of https://wiki.php.net/rfc/reclassify_e_strict.
A combination of ReflectionMethod::getClosure() ("fake closures")
and Closure::bindTo() etc can be used to achieve the same behavior.
This commit ensures that a deprecation notice will be thrown also
in this case.
Some INI processors allow to specify empty values by just giving the
key without the equals sign, for instance MySQL and Python. It appears
to be sensible to add this possibility to our INI parser, so that it
can be used for such INI files as well. We choose NULL as the value of
empty values.
This syntactical enhancement is a (minor) BC break, though, as can be
seen by the necessary change to bug49692.ini. The “comment” formerly
has been simply ignored, but now it would be parsed as key with an
empty value.
This PR is based on Adam's former patch.
According to the “Deprecate and remove INTL_IDNA_VARIANT_2003” RFC[1],
we change the default of the $variant parameter of `idn_to_ascii()` and
`idn_to_utf8()` from `INTL_IDNA_VARIANT_2003` to
`INTL_IDNA_VARIANT_UTS46`.
[1] <https://wiki.php.net/rfc/deprecate-and-remove-intl_idna_variant_2003>
Given that ICU is a set of lively developed libraries, that ICU 50.1
has been released on 2012-11-05, and PHP 7.4 is scheduled to be
released seven years after it, we consider it appropriate to ditch
these legacy versions.
Particularly, that would be a reasonable groundwork to implement part
two of the “Deprecate and remove INTL_IDNA_VARIANT_2003” RFC[1], namely
to default idn_to_ascii()'s and idn_to_utf8()'s $variant parameter to
INTL_IDNA_VARIANT_UTS46, which is not defined in ICU < 4.6.
See also the related discussion on internals@[2].
[1] <https://wiki.php.net/rfc/deprecate-and-remove-intl_idna_variant_2003>
[2] <http://news.php.net/php.internals/101626>ff
Before this change, var_export()'s output for stdClass objects calls
the non-existent stdClass::__set_state method, and is therefore useless.
This commit makes var_export() output an (object) cast from an array
instead, which when evaluated, will produce a stdClass object. Other
classes see unchanged output.
The IPv6 IP of a socket is provided by inet_ntop() as a string, but
this function doesn't enclose the IP in brackets. This patch adds
them in the php_network_populate_name_from_sockaddr() function.
Don't automatically convert literal string keys to integers on
array access, as we may be dealing with an ArrayAccess object,
rather than a plain array.
The upgrade to PCRE2 should mostly be transparent to existing code, but
apparently there are some minor differences, which warrant a note in
UPGRADING (and consequently, in the migration guide).
In PHP static properties are shared between inheriting classes,
unless they are explicitly overwritten. However, because this
functionality was implemented using reference, it was possible
to break the implementation by reassigning the static property
reference.
This is fixed by switching the implementation from using references
to using INDIRECTs, which cannot be affected by userland code.
The sole purpose of `PHPDBG_FILE`, `PHPDBG_METHOD`, `PHPDBG_LINENO` and
`PHPDBG_FUNC` has been to be passed as first argument to `phpdbg_break`.
However, this functions is replaced as of PHP 5.6.3 by
`phpdbg_break_file`, `phpdbg_break_method` and 'phpdbg_break_func`,
respectively. Therefore, we're finally removing the useless constants.
- m4 and Windows configure scripts now forces Argon2 reference library version >= 20161029
- Implementation tested against 20161029 and 20171227 for Argon2id support
- Updates Argon2 ext/standard/password/tests to run tests for both Argon2i and Argon2id
I've introduced a new CompileError type, from which ParseError
inherits. These errors are not parse errors in the narrow sense
of the term, even though they happen to be generated during
parsing in our implementation. Additionally reusing the ParseError
class for this purpose would change existing error messages (if
the exception is not caught) from a "Fatal error:" to a "Parse
error:" prefix, and also the error kind from E_COMPILE_ERROR to
E_PARSE.
According to https://wiki.php.net/rfc/image2wbmp, we deprecate
`image2wbmp()`, rename the `$threshold` parameter to `$foreground`, and
remove superfluous code.
RFC: https://wiki.php.net/rfc/flexible_heredoc_nowdoc_syntaxes
* The ending label no longer has to be followed by a semicolon or
newline. Any non-label character is fine.
* The ending label may be indented. The indentation will be stripped
from all lines in the heredoc/nowdoc string.
Lexing of heredoc strings performs a scan-ahead to determine the
indentation of the ending label, so that the correct amount of
indentation can be removed when calculting the semantic values for
use by the parser. This makes the implementation quite a bit more
complicated than we would like :/
A set of hard-coded thousand separator characters (presently, `',.`) is
somewhat limited (users may prefer other separators, such as spaces or
underscores), as well as somewhat too liberal (arbitrary combinations
of different thousand separators are presently possible). Therefore we
introduce a `thousand` option analogous to `decimal`, which allows to
define the desired thousand separators as non-empty string, defaulting
to `',.`. While we easily could support empty strings here as well,
that would not make much sense, since this behavior can more easily be
accomplished by not setting the `FILTER_FLAG_ALLOW_THOUSAND` flag in
the first place.
The existence of the following functions is now guaranteed:
* curl_escape()
* curl_unescape()
* curl_multi_setopt()
libcurl 7.15.5 has been released 11.5 years ago and is available
even in RHEL 5.
This reverts commit c3717d9aec.
The final mitigation of the consequences with spectre should be
discussed more also with the regard to the happenings on the
developments. Right now a preliminary mitigation might be wrong or
suboptimal, thus reverting this.
The recently discovered security flaw Spectre requires a high resolution
timer. To the today's knowledge, PHP can't be used to create an attack for
this flaw. Still some concerns were raised, that there might be impact in
shared hosting environments. This patch adds a possibility to reduce the
timer resolution by an ini setting, thus giving administrators full
control. Especially, as the flaw was also demonstrated by an abuse of
the JS engine in a browser, Firefox reduced several time sources to 20us.
Any programming language, that doesn't compile to JIT, won't be able to
produce an attack vector for Meltdown and Spectre, at least by todays
knowledge. There are also other factors that say that the security
concern on the hrtime feature is to the big part not justified, still we
aim JIT in the future. Thus, adding a possibility to control the timer
resolution is a good and small enough tradeoff for safety and future.
convert_scalar_to_number() will now call cast_object() with an
_IS_NUMBER argument, in which case the cast handler should return
either an integer or floating point number, whichever is more
appropriate.
Previously convert_scalar_to_number() unconditionally converted
objects to integers instead.
Fixes bug #53033.
Fixes bug #54973.
Fixes bug #73108.
The existence of the following functions is now guaranteed:
* curl_reset()
* curl_strerror()
* curl_multi_strerror()
* curl_share_strerror()
libcurl 7.12.1 has been released more than 13 years ago and is
available even in RHEL 4.
This change may result in different mt_rand/rand sequences being
generated on 64-bit systems for a specific seed.
See also https://externals.io/message/100229.
This patch however does not drop support for the BeOS compatible variant, Haiku, see Github PR #2697 which is currently a WiP
I intentionally left out some fragments for BeOS in the build system for that seems to be bundles
It no longer includes a way to generate XML documentation (the PHP documentation utilities already got tools for that in svn under phpdoc/doc-base) and it no longer support function stubs.
$ php ext_skel.php --help
php ext_skel.php --ext=<name> [--experimental] [--author=<name>]
[--dir=<path>] [--std] [--onlyunix]
[--onlywindows] [--help]
--ext=<name> The name of the extension defined as <name>
--experimental Passed if this extension is experimental, this creates
the EXPERIMENTAL file in the root of the extension
--author=<name> Your name, this is used if --header is passed and
for the CREDITS file
--dir=<path> Path to the directory for where extension should be
created. Defaults to the directory of where this script
lives
--std If passed, the standard header and vim rules footer used
in extensions that is included in the core, will be used
--onlyunix Only generate configure scripts for Unix
--onlywindows Only generate configure scripts for Windows
--help This help
Example usage:
$ php ext_skel.php --ext test --std --experimental
$ php ext_skel.php --ext kalle --author "Kalle Sommer Nielsen"
$ php ext_skel.php --ext phpfi --dir "/home/kalle/dev/" --onlyunix
* pull-request/2528:
Change flags to use SQLITE3_OPEN_READ* constants instead of a fake-boolean, add tests on errors
Implement writing to BLOBs in SQLite3
bcmod() no longer truncates fractionals to integers. This matches
the behavior of fmod(). It also matches the behavior of bcpowmod().
It also matches the behavior of bcmod() in HHVM.
We add PHP bindings for libgd's features to read and write BMP files, which
are available as of libgd 2.1.0.
As PHP's bundled libgd doesn't yet include the respective features of the
external libgd, we add these.
If this does not break the Unix system somehow, I'll be amazed. This should get most of it out, apologies for any errors this may cause on non-Windows ends which I cannot test atm.
The core implementation details are described in win32/nice.c for values sent to proc_nice(), these can however be discussed to maybe comply with those of wmic, Anatol, thoughts?
The test supplied uses wmic for testing the functionality, it could potentially fail on systems where either wmic is not available or the system language is not english (as Microsoft tends to translate even CLI programs).
We add WebP support for getimagesize(), getimagesizefromstring)(),
image_type_to_extension() and image_type_to_mime_type(). For now we
care only about the simple lossy WebP format (VP8) and ignore the
lossless (VP8L) and extended (VP8X) formats. We use image/webp as MIME
type as it appears to be pretty common, even though it is not yet
registered with IANA.
Relevant specifications:
* <https://developers.google.com/speed/webp/docs/riff_container>
* <https://tools.ietf.org/html/rfc6386>
gdLayerMultiply() has been introduced in libgd 2.1.1, and as such would have
been already available for imagelayereffect() with a system libgd. We port
the respective code to the bundled libgd, and also make IMG_EFFECT_MULTIPLY
available to userland.
Instead of rolling our own in the bundled libgd, we use libgd's anti-aliased
drawing API. This way imageantialias() is also available, when built against
a system libgd.
Otherwise we're missing the "expected to be a reference, value
given" warning that appears for ordinary calls to call_user_func().
Also update an UPGRADING note with recent changes wrt
call_user_func().
The GD image format is able to handle truecolor images as of libgd 2.0.12
(<https://github.com/libgd/libgd/blob/gd-2.2.3/src/gd_gd.c#L31-L33>).
Therefore we don't need the potentially lossy and time consuming palette
conversion.
This way, imagegd() can also be used to export raw truecolor image data.