Source

php-src / UPGRADING

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
$Id$

UPGRADE NOTES - PHP X.Y

1. Changes made to default configuration
2. Reserved words and classes
3. Changes made to engine behaviour
4. Changes made to existing functions
5. Changes made to existing methods
6. Changes made to existing classes
7. Deprecated
8. Removed
9. Extensions:
     a. moved out to PECL and actively maintained there
     b. no longer maintained
     c. with changed behaviour
     d. no longer possible to disable
10. Changes in SAPI support
11. Changes in INI directives
12. Syntax additions
13. Windows support
14. New in PHP X.Y:
     a. New libraries
     b. New extensions
     c. New stream wrappers
     d. New stream filters
     e. New functions
     f. New global constants
     g. New classes
     h. New methods
     i. New class constants
     j. New hash algorithms
     k. New Syntax

========================================
1. Changes made to default configuration
========================================

- The default_charset setting now defaults to UTF-8.
  It was ISO-88590-1 before, so if you were relying 
  on the default, you will need to add:

    default_charset = iso-8859-1

  to your php.ini to preserve pre-PHPX.Y behavior.

- We now check at compile time if /dev/urandom or /dev/arandom
  are present to provide non-blocking entropy to session id
  generation.  If either is present, session.entropy_file
  now defaults to that file and session.entropy_length defaults
  to 32.  If you do not want extra entropy for your session ids
  for some reason, add:

    session.entropy_file=
    session.entropy_length=0

  to your php.ini to preserve pre-PHPX.Y behavior.

- Deprecated ini directives will now throw an E_CORE_WARNING's 
  instead of the previous E_WARNING's.

  The following directives are marked as deprecated:
  - magic_quotes_gpc
  - magic_quotes_runtime
  - magic_quotes_sybase

- The following directives, which indicates a removed feature 
  in PHP will now throw an E_CORE_ERROR upon startup like the 
  deprecation warnings.

  The following directives are no longer available:
  - allow_call_time_pass_reference
  - define_syslog_variables
  - highlight.bg
  - register_globals
  - register_long_arrays
  - safe_mode
  - safe_mode_gid
  - safe_mode_include_dir
  - safe_mode_exec_dir
  - safe_mode_allowed_env_vars
  - safe_mode_protected_env_vars
  - zend.ze1_compatibility_mode


=============================
2. Reserved words and classes
=============================

- 

===================================
3. Changes made to engine behaviour
===================================

- Turning null, false or empty string into an object by adding a property
  will now emit a warning instead of an E_STRICT error.
  
  $test = null;
  $test->baz = 1;
  
  To create a generic object you can use StdClass:
  $test = new StdClass;
  $test->baz = 1;
  
- It's now possible to enforce the class' __construct arguments in an abstract
  constructor in the base class.

  abstract class Base
  {
    abstract public function __construct();
  }
  class Foo extends Base
  {
    public function __construct($bar) {}
  }
  
  Now emits a Fatal error due the incompatible declaration.

- In previous versions, names of superglobals could be used for parameter
  names, thereby shadowing the corresponding superglobal. This now causes a
  fatal error such as "Cannot re-assign auto-global variable GLOBALS".

=====================================
4. Changes made to existing functions
=====================================

- array_combine now returns array() instead of FALSE when two empty arrays are
  provided as parameters.
- Added an extra parameter to dns_get_record(), which allows requesting DNS
  records by numeric type and makes the result include only the raw data of
  the response.
- call_user_func_array no longer allows call-time pass by reference.
- htmlentities/htmlspecialchars are stricter in the code units they accept for
  the asian encodings. For Big5-HKSCS, the octets 0x80 and 0xFF are rejected.
  For GB2312/EUC-CN, the octets 0x8E, 0x8F, 0xA0 and 0xFF are rejected. For
  SJIS, the octets 0x80, 0xA0, 0xFD, 0xFE and 0xFF are rejected, except maybe
  after a valid starting byte. For EUC-JP, the octets 0xA0 and 0xFF are
  rejected.
- htmlentities now emits an E_STRICT warning when used with asian characters,
  as in that case htmlentities has (and already had before this version) the
  same functionality as htmlspecialchars.
- htmlentities no longer numerically encodes high characters for single-byte
  encodings (except when there's actually a corresponding named entity). This
  behavior was not documented and was inconsistent with that for "UTF-8".
- html_entity_decode/htmlspecialchars_decode behave more consistently, now
  decoding entities in malformed strings such as "&&" or "&#&".
- htmlentities/htmlspecialchars/html_entity_decode/htmlspecialchars_decode:
  Added the flags ENT_HTML401, ENT_XML1, ENT_XHTML, and ENT_HTML5. The
  behavior of these functions including, but not limited to, the characters
  that are encoded and the entities that are decoded depend on the document
  type that is specified by those flags.
- htmlentities/htmlspecialchars with !$double_encode do more strict checks on
  the validity of the entities. Numerical entities are checked for a valid
  range (0 to 0x10FFFF); if the flag ENT_DISALLOWED is given, the validity of
  such numerical entity in the target document type is also checked.  Named
  entities are checked for necessary existence in the target document type
  instead of only checking whether they were constituted by alphanumeric
  characters.
- The flag ENT_DISALLOWED was added. In addition to the behavior described in
  the item before, it also makes htmlentities/htmlspecialchars substitute
  characters that appear literally in the argument string and which are not
  allowed in the target document type with U+FFFD (UTF-8) or �.
- The flag ENT_SUBSTITUTE was added. This flag makes invalid multibyte
  sequences be replaced by U+FFFD (UTF-8) or &#FFFD; by htmlspecialchars and
  htmlentities. It is an alternative to the default behavior, which just
  returns an empty string and to ENT_IGNORE, which is a security risk. The
  behavior follows the recommendations of Unicode Technical Report #36.
- htmlspecialchars_decode/html_entity_decode now decode ' if the document
  type is ENT_XML1, ENT_XHTML, or ENT_HTML5.
- Charset detection with $charset == '' no longer turns to mbstring's
  internal encoding defined through mb_internal_encoding(). Only the encoding
  defined through the ini setting mbstring.internal_encoding is considered.
- number_format() no longer truncates multibyte decimal points and thousand
  separators to the first byte.
- The third parameter ($matches) to preg_match_all() is now optional. If
  omitted, the function will simply return the number of times the pattern was
  matched in the subject and will have no other side effects.
- The second argument of scandir() now accepts SCANDIR_SORT_NONE (2) as a
  possible value. This value results in scandir() performing no sorting: on
  local filesystems, this allows files to be returned in native filesystem
  order.
- stream_select() now preserves the keys of the passed array, be they numeric or
  strings. This breaks code that iterated the resulting stream array using a
  numeric index, but makes easier to identify which of the passed streams are
  present in the result.
- stream_set_write_buffer() no longer disables the read buffer of a plain
  stream when 0 is given as the second argument.
- stream_set_write_buffer() no longer changes the chunk size in socket streams.
- fclose() closes streams with resource refcount > 1; it doesn't merely
  decrement the resource refcount.
- socket_set_options() and socket_get_options() now support multicast options.
- Arrays cast from SimpleXMLElement now always contain all nodes instead of
  just the first matching node.
- All SimpleXMLElement children are now always printed when using var_dump(),
  var_export(), and print_r().
- The raw data parameter in openssl_encrypt()/openssl_decrypt() is now an options
  integer rather than a boolean. A value of true produces the same behaviour.
- Write operations within XSLT (for example with the extension sax:output) are
  disabled by default. You can define what is forbidden with the method
  XsltProcess::setSecurityPrefs($options)
- openssl_csr_new() expects the textual data to be in UTF-8.

===================================
5. Changes made to existing methods
===================================

- 

===================================
6. Changes made to existing classes
===================================

- Classes that implement stream wrappers can define a method called
  stream_truncate that will respond to truncation, e.g. through ftruncate.
  Strictly speaking, this is an addition to the user-space stream wrapper
  template, not a change to an actual class.
- Constructors of userspace subclasses of the following SPL classes are now
  required to call the parent constructor and not clear any exceptions they
  throw (replacing the thrown exception by another one is permitted):
  SplFileInfo, DirectoryIterator, FilesystemIterator, GlobIterator,
  SplFileObject, SplTempFileObject, RecursiveDirectoryIterator,
  IteratorIterator, FilterIterator, RecursiveFilterIterator, ParentIterator,
  LimitIterator, CachingIterator, RecursiveCachingIterator, NoRewindIterator,
  AppendIterator, InfiniteIterator, RegexIterator, RecursiveRegexIterator, and
  RecursiveTreeIterator.
  It is no longer possible to defer the parent constructor call until after the
  object is constructed.
  

=============
7. Deprecated
=============

==========
8. Removed
==========

    a. removed features

       - magic quotes
         . remove magic_quotes_gpc, magic_quotes_runtime, 
           magic_quotes_sybase (calling ini_set('magic_....') 
           returns 0|false
         . get_magic_quotes_gpc, get_magic_quotes_runtime are kept but
           always return false
         . set_magic_quotes_runtime raises an E_CORE_ERROR

       - register_globals
       - register_long_arrays
       - Safe mode
       - Session extension bug compatibility mode
       - y2k_compliance mode

    b. removed ini directives

       - define_syslog_variables
       - register_globals
       - register_long_arrays
       - safe_mode
       - safe_mode_gid
       - safe_mode_include_dir
       - safe_mode_exec_dir
       - safe_mode_allowed_env_vars
       - safe_mode_protected_env_vars
       - session.bug_compat42
       - session.bug_compat_warn
       - y2k_compliance

    c. removed functions

       - define_syslog_variables()
       - import_request_variables()
       - session_is_registered()
       - session_register()
       - session_unregister()
       - mysqli_bind_param() (alias of mysqli_stmt_bind_param())
       - mysqli_bind_result() (alias of mysqli_stmt_bind_result())
       - mysqli_client_encoding() (alias of mysqli_character_set_name())
       - mysqli_fetch() (alias of mysqli_stmt_fetch())
       - mysqli_param_count() (alias of mysqli_stmt_param_count())
       - mysqli_get_metadata() (alias of mysqli_stmt_result_metadata())
       - mysqli_send_long_data() (alias of mysqli_stmt_send_long_data())
       - mysqli::client_encoding() (alias of mysqli::character_set_name)
       - mysqli_stmt::stmt() (never worked/always throws, undocumented)

    d. removed syntax

       - break $var;
       - continue $var;

=============
9. Extensions
=============

     a. moved out to PECL and actively maintained there

        - 

     b. no longer maintained

        - ext/sqlite

     c. with changed behaviour

        - The MySQL extensions (ext/mysql, mysqli and PDO_mysql) use mysqlnd
          as the default library now. It is still possible to use libmysql by
          specifying a path to the configure options.
        - The session extension now can hook into the file upload feature
          in order to provide upload progress information through session 
          variables.
        - SNMP extension
             - Functions in SNMP extension now returns FALSE on every error 
               condition including SNMP-related (no such instance, end of MIB,
               etc). Thus, in patricular, breaks previous behaviour of get/walk
               functions returning an empty string on SNMP-related errors.
             - Multi OID get/getnext/set queries are now supported.
             - New constants added for use in snmp_set_oid_output_format()
               function.
             - Function snmp_set_valueretrieval() changed it's behaviour:
                    SNMP_VALUE_OBJECT can be combined with one of 
                    SNMP_VALUE_PLAIN or SNMP_VALUE_LIBRARY resulting OID value
                    changes. When no SNMP_VALUE_PLAIN or SNMP_VALUE_LIBRARY
                    is supplied with SNMP_VALUE_OBJECT, SNMP_VALUE_LIBRARY is used.
                    Prior to 5.4.0 when no SNMP_VALUE_PLAIN or SNMP_VALUE_LIBRARY
                    was supplied with SNMP_VALUE_OBJECT, SNMP_VALUE_PLAIN was used.
             - Added feature-rich OO API (SNMP class)
             - Dropped UCD-SNMP compatibility code. Consider upgrading to
               net-snmp v5.3+. Net-SNMP v5.4+ is required for Windows version.
             - In sake of adding support for IPv6 DNS name resolution of
               remote SNMP agent (peer) is done by extension now, not by Net-SNMP
               library anymore.
          
        - Date extension
          - Setting the timezone with the TZ environment variable is no longer
            supported, instead date.timezone and/or date_default_timezone_set()
            have to be used.
          - The extension will no longer guesses the default timezone if none
            is set with date.timezone and/or date_default_timezone_set().
            Instead it will always fall back to "UTC".

     d. no longer possible to disable

        - 

==========================
10. Changes in SAPI support
==========================

- The REQUEST_TIME value inside server now returns a floating point number
  indicating the time with microsecond precision. All SAPIs providing this
  value should be returning float and not time_t.

=============================
11. Changes in INI directives
=============================

- Added session.upload_progress.enabled, session.upload_progress.cleanup, 
  session.upload_progress.prefix, session.upload_progress.name, 
  session.upload_progress.freq, session.upload_progress.min_freq.
- Added zend.multibyte directive as a replacement of PHP compile time
  configuration option --enable-zend-multibyte. Now ZE always contains code for
  multibyte support, but may enable or disable it by zend.multibyte. It doesn't
  make a lot of sense to enable this option without ext/mbstring, because the
  most functionality is implemented by mbstrings callbacks.
- Added enable_post_data_reading, which is enabled by default. When it's
  disabled, the POST data is not read (and processed); the behavior is similar
  to that of other request methods with body, like PUT. This allows reading the
  raw POST data in multipart requests and read/process the POST data in a
  stream fashion (through php://input), without having it copied in memory two/
  three times.
- Changed E_ALL to include E_STRICT. Recommended production value changed to 
  E_ALL & ~E_DEPRECATED & ~E_STRICT.
- a new directive, called windows_show_crt_warning, has been introduced.
  This directive shows the CRT warnings when enabled. These warnings were
  displayed by default until now. It is disabled by default. 

====================
12. Syntax additions
====================

- Array dereferencing.
  e.g.
    foo()[0]
    $foo->bar()[0]

- Callable typehint, argument must be callable (i.e. pass is_callable($arg, false))
  example:
  function foo(callable $do) {
  }
  foo("strcmp");
  foo(function() {});
  $o = new ArrayObject();
  foo(array($o, "count"));

===================
13. Windows support
===================

- is_link now works properly for symbolic links on Windows Vista 
  or later. Earlier systems do not support symbolic links.

===================
14. New in PHP X.Y:
===================

     a. New libraries

       - 

     b. New extensions

       - 

     c. New stream wrappers

       - 

     d. New stream filters

       - 

     e. New functions

       - Core:
         - get_declared_traits()
         - hex2bin()
         - http_response_code()
         - stream_set_chunk_size()
         - socket_import_stream()
         - trait_exists()

       - LDAP:
         - ldap_control_paged_results()
         - ldap_control_paged_results_response()

       - libxml
         - libxml_set_external_entity_loader()

     f. New global constants

       - JSON_PRETTY_PRINT
       - JSON_UNESCAPED_SLASHES
       - ENT_SUBSTITUTE
       - ENT_ALLOWED
       - ENT_HTML401
       - ENT_XML1
       - ENT_XHTML
       - ENT_HTML5
       - SCANDIR_SORT_ASCENDING
       - SCANDIR_SORT_DESCENDING
       - SCANDIR_SORT_NONE
       - MCAST_JOIN_GROUP
       - MCAST_LEAVE_GROUP
       - MCAST_BLOCK_SOURCE
       - MCAST_UNBLOCK_SOURCE
       - MCAST_JOIN_SOURCE_GROUP
       - MCAST_LEAVE_SOURCE_GROUP
       - IP_MULTICAST_IF
       - IP_MULTICAST_TTL
       - IP_MULTICAST_LOOP
       - IPV6_MULTICAST_IF
       - IPV6_MULTICAST_HOPS
       - IPV6_MULTICAST_LOOP
       - IPPROTO_IP
       - IPPROTO_IPV6
       - OPENSSL_RAW_DATA
       - OPENSSL_ZERO_PADDING

     g. New classes

       - Reflection:
         - ReflectionZendExtension
       
       - Intl:
         - Transliterator
       
       - SNMP:
         - SNMP

       - SPL:
         - CallbackFilterIterator
         - RecursiveCallbackFilterIterator

     h. New methods

       - DirectoryIterator
         - DirectoryIterator::getExtension()

       - Reflection:
         - ReflectionClass::isCloneable()
         - ReflectionClass::getTraits()
         - ReflectionClass::getTraitNames()
         - ReflectionClass::getTraitAliases()
         - ReflectionParameter::canBePassedByValue()
         - ReflectionParameter::isCallable()
       
       - RegexIterator
         - RegexIterator::getRegex()

       - PDO_dblib
         - PDO::newRowset()

       - SplFileInfo
         - SplFileInfo::getExtension()

       - SplFileObject
         - SplFileObject::fputcsv()

     i. New class constants

       - 

     j. New Hash algorithms

       - fnv132
       - fnv164
       - joaat
       
     k. New Syntax
       - Short array syntax in 5.4.0
         $a = [1, 2, 3, 4];
         $a = ['one' => 1, 'two' => 2, 'three' => 3, 'four' => 4];
         $a = ['one' => 1, 2, 'three' => 3, 4];

       - Binary number format
         0b00100 0b010101
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.