mirror of
https://github.com/sigmasternchen/php-doc-en
synced 2025-03-15 08:28:54 +00:00

CVE-2020-7070 git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@350707 c90b9560-bf6c-de11-be94-00142212c4b1
374 lines
11 KiB
XML
374 lines
11 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!-- $Revision$ -->
|
|
|
|
<sect1 xml:id="migration72.incompatible">
|
|
<title>Backward incompatible changes</title>
|
|
|
|
<sect2 xml:id="migration72.incompatible.number_format-no-neg-zero">
|
|
<title>Prevent <function>number_format</function> from returning negative zero</title>
|
|
|
|
<para>
|
|
Previously, it was possible for the <function>number_format</function>
|
|
function to return <literal>-0</literal>. Whilst this is perfectly valid
|
|
according to the IEEE 754 floating point specification, this oddity was not
|
|
desirable for displaying formatted numbers in a human-readable form.
|
|
</para>
|
|
|
|
<informalexample>
|
|
<programlisting role="php">
|
|
<![CDATA[
|
|
<?php
|
|
|
|
var_dump(number_format(-0.01)); // now outputs string(1) "0" instead of string(2) "-0"
|
|
]]>
|
|
</programlisting>
|
|
</informalexample>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.object-array-casts">
|
|
<title>Convert numeric keys in object and array casts</title>
|
|
|
|
<para>
|
|
Numeric keys are now better handled when casting arrays to objects and
|
|
objects to arrays (either from explicit casting or by
|
|
<function>settype</function>).
|
|
</para>
|
|
|
|
<para>
|
|
This means that integer (or stringy integer) keys from arrays being casted
|
|
to objects are now accessible:
|
|
</para>
|
|
|
|
<informalexample>
|
|
<programlisting role="php">
|
|
<![CDATA[
|
|
<?php
|
|
|
|
// array to object
|
|
$arr = [0 => 1];
|
|
$obj = (object)$arr;
|
|
var_dump(
|
|
$obj,
|
|
$obj->{'0'}, // now accessible
|
|
$obj->{0} // now accessible
|
|
);
|
|
]]>
|
|
</programlisting>
|
|
&example.outputs;
|
|
<screen>
|
|
<![CDATA[
|
|
object(stdClass)#1 (1) {
|
|
["0"]=> // string key now, rather than integer key
|
|
int(1)
|
|
}
|
|
int(1)
|
|
int(1)
|
|
]]>
|
|
</screen>
|
|
</informalexample>
|
|
|
|
<para>
|
|
And integer (or stringy integer) keys from objects being casted to arrays
|
|
are now accessible:
|
|
</para>
|
|
|
|
<informalexample>
|
|
<programlisting role="php">
|
|
<![CDATA[
|
|
<?php
|
|
|
|
// object to array
|
|
$obj = new class {
|
|
public function __construct()
|
|
{
|
|
$this->{0} = 1;
|
|
}
|
|
};
|
|
$arr = (array)$obj;
|
|
var_dump(
|
|
$arr,
|
|
$arr[0], // now accessible
|
|
$arr['0'] // now accessible
|
|
);
|
|
]]>
|
|
</programlisting>
|
|
&example.outputs;
|
|
<screen>
|
|
<![CDATA[
|
|
array(1) {
|
|
[0]=> // integer key now, rather than string key
|
|
int(1)
|
|
}
|
|
int(1)
|
|
int(1)
|
|
]]>
|
|
</screen>
|
|
</informalexample>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.no-null-to-get_class">
|
|
<title>Disallow passing &null; to <function>get_class</function></title>
|
|
|
|
<para>
|
|
Previously, passing &null; to the <function>get_class</function> function
|
|
would output the name of the enclosing class. This behaviour has now been
|
|
removed, where an <constant>E_WARNING</constant> will be output instead. To
|
|
achieve the same behaviour as before, the argument should simply be omitted.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.warn-on-non-countable-types">
|
|
<title>Warn when counting non-countable types</title>
|
|
|
|
<para>
|
|
An <constant>E_WARNING</constant> will now be emitted when attempting to
|
|
<function>count</function> non-countable types (this includes the
|
|
<function>sizeof</function> alias function).
|
|
</para>
|
|
|
|
<informalexample>
|
|
<programlisting role="php">
|
|
<![CDATA[
|
|
<?php
|
|
|
|
var_dump(
|
|
count(null), // NULL is not countable
|
|
count(1), // integers are not countable
|
|
count('abc'), // strings are not countable
|
|
count(new stdclass), // objects not implementing the Countable interface are not countable
|
|
count([1,2]) // arrays are countable
|
|
);
|
|
]]>
|
|
</programlisting>
|
|
&example.outputs;
|
|
<screen>
|
|
<![CDATA[
|
|
Warning: count(): Parameter must be an array or an object that implements Countable in %s on line %d
|
|
|
|
Warning: count(): Parameter must be an array or an object that implements Countable in %s on line %d
|
|
|
|
Warning: count(): Parameter must be an array or an object that implements Countable in %s on line %d
|
|
|
|
Warning: count(): Parameter must be an array or an object that implements Countable in %s on line %d
|
|
int(0)
|
|
int(1)
|
|
int(1)
|
|
int(1)
|
|
int(2)
|
|
]]>
|
|
</screen>
|
|
</informalexample>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.hash-ext-to-objects">
|
|
<title>Move ext/hash from resources to objects</title>
|
|
|
|
<para>
|
|
As part of the long-term migration away from resources, the <link linkend="book.hash">Hash</link>
|
|
extension has been updated to use objects instead of resources. The change should be
|
|
seamless for PHP developers, except for where
|
|
<function>is_resource</function> checks have been made (which will need
|
|
updating to <function>is_object</function> instead).
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.ssl-tls-defaults">
|
|
<title>Improve SSL/TLS defaults</title>
|
|
|
|
<para>
|
|
The following changes to the defaults have been made:
|
|
</para>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<simpara>
|
|
<literal>tls://</literal> now defaults to TLSv1.0 or TLSv1.1 or TLSv1.2
|
|
</simpara>
|
|
</listitem>
|
|
<listitem>
|
|
<simpara>
|
|
<literal>ssl://</literal> an alias of <literal>tls://</literal>
|
|
</simpara>
|
|
</listitem>
|
|
<listitem>
|
|
<simpara>
|
|
<literal>STREAM_CRYPTO_METHOD_TLS_*</literal> constants default to TLSv1.0
|
|
or TLSv1.1 + TLSv1.2, instead of TLSv1.0 only
|
|
</simpara>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.gettype-on-closed-resource">
|
|
<title><function>gettype</function> return value on closed resources</title>
|
|
|
|
<para>
|
|
Previously, using <function>gettype</function> on a closed resource would
|
|
return a string of <literal>"unknown type"</literal>. Now, a string of
|
|
<literal>"resource (closed)"</literal> will be returned.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.is_object-on-incomplete_class">
|
|
<title><function>is_object</function> and <classname>__PHP_Incomplete_Class</classname></title>
|
|
|
|
<para>
|
|
Previously, using <function>is_object</function> on the
|
|
<classname>__PHP_Incomplete_Class</classname> class would return &false;.
|
|
Now, &true; will be returned.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.undefined-constants">
|
|
<title>Promote the error level of undefined constants</title>
|
|
|
|
<para>
|
|
Unqualified references to undefined constants will now generate an
|
|
<constant>E_WARNING</constant> (instead of an <constant>E_NOTICE</constant>).
|
|
In the next major version of PHP, they will generate
|
|
<classname>Error</classname> exceptions.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.windows-support">
|
|
<title>Windows support</title>
|
|
|
|
<para>
|
|
The officially supported, minimum Windows versions are now Windows 7/Server
|
|
2008 R2.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.trait-properties">
|
|
<title>Checks on default property values of traits</title>
|
|
|
|
<para>
|
|
Compatibility checks upon default trait property values will no longer
|
|
perform casting.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.object-reserved-word">
|
|
<title><literal>object</literal> for class names</title>
|
|
|
|
<para>
|
|
The <literal>object</literal> name was previously soft-reserved in PHP 7.0.
|
|
This is now hard-reserved, prohibiting it from being used as a class, trait,
|
|
or interface name.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.netware-support">
|
|
<title>NetWare support</title>
|
|
|
|
<para>
|
|
Support for NetWare has now been removed.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.array-unique">
|
|
<title><function>array_unique</function> with <constant>SORT_STRING</constant></title>
|
|
|
|
<para>
|
|
While <function>array_unique</function> with <constant>SORT_STRING</constant>
|
|
formerly copied the array and removed non-unique elements (without packing
|
|
the array afterwards), now a new array is built by adding the
|
|
unique elements. This can result in different numeric indexes.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.bcmod-and-floats">
|
|
<title><function>bcmod</function> changes with floats</title>
|
|
|
|
<para>
|
|
The <function>bcmod</function> function no longer truncates fractional
|
|
numbers to integers. As such, its behavior now follows
|
|
<function>fmod</function>, rather than the <literal>%</literal> operator.
|
|
For example <literal>bcmod('4', '3.5')</literal> now returns
|
|
<literal>0.5</literal> instead of <literal>1</literal>.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.hash-functions">
|
|
<title>Hashing functions and non-cryptographic hashes</title>
|
|
|
|
<para>
|
|
The <function>hash_hmac</function>, <function>hash_hmac_file</function>,
|
|
<function>hash_pbkdf2</function>, and <function>hash_init</function> (with
|
|
<constant>HASH_HMAC</constant>) functions no longer accept non-cryptographic
|
|
hashes.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.json_decode-changes">
|
|
<title><function>json_decode</function> function options</title>
|
|
|
|
<para>
|
|
The <function>json_decode</function> function option,
|
|
<constant>JSON_OBJECT_AS_ARRAY</constant>, is now used if the second
|
|
parameter (assoc) is &null;. Previously,
|
|
<constant>JSON_OBJECT_AS_ARRAY</constant> was always ignored.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.rand-mt_rand-output">
|
|
<title><function>rand</function> and <function>mt_rand</function> output</title>
|
|
|
|
<para>
|
|
Sequences generated by <function>rand</function> and
|
|
<function>mt_rand</function> for a specific seed may differ from PHP 7.1 on
|
|
64-bit machines (due to the fixing of a modulo bias bug in the
|
|
implementation).
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.sqlsafe_mode-ini-setting">
|
|
<title>Removal of <link linkend="ini.sql.safe-mode"><parameter>sql.safe_mode</parameter></link> ini setting</title>
|
|
|
|
<para>
|
|
The <parameter>sql.safe_mode</parameter> ini setting has now been removed.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.date_parse_from_format">
|
|
<title>Changes to <function>date_parse</function> and <function>date_parse_from_format</function></title>
|
|
|
|
<para>
|
|
The <literal>zone</literal> element of the array returned by <function>date_parse</function> and
|
|
<function>date_parse_from_format</function> represents seconds instead of
|
|
minutes now, and its sign is inverted. For instance <literal>-120</literal>
|
|
is now <literal>7200</literal>.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 xml:id="migration72.incompatible.cookie-decode">
|
|
<title>Incoming Cookies</title>
|
|
|
|
<para>
|
|
As of PHP 7.2.34, the <emphasis>names</emphasis> of incoming cookies are no
|
|
longer url-decoded for security reasons.
|
|
</para>
|
|
</sect2>
|
|
|
|
</sect1>
|
|
|
|
<!-- Keep this comment at the end of the file
|
|
Local variables:
|
|
mode: sgml
|
|
sgml-omittag:t
|
|
sgml-shorttag:t
|
|
sgml-minimize-attributes:nil
|
|
sgml-always-quote-attributes:t
|
|
sgml-indent-step:1
|
|
sgml-indent-data:t
|
|
indent-tabs-mode:nil
|
|
sgml-parent-document:nil
|
|
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
|
|
sgml-exposed-tags:nil
|
|
sgml-local-catalogs:nil
|
|
sgml-local-ecat-files:nil
|
|
End:
|
|
vim600: syn=xml fen fdm=syntax fdl=2 si
|
|
vim: et tw=78 syn=sgml
|
|
vi: ts=1 sw=1
|
|
-->
|