php-doc-en/appendices/migration72/incompatible.xml
Christoph Michael Becker e61d2217d5 Document BC breaking change in handling of incoming cookie names
CVE-2020-7070

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@350707 c90b9560-bf6c-de11-be94-00142212c4b1
2020-09-29 10:30:38 +00:00

374 lines
11 KiB
XML

<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<sect1 xml:id="migration72.incompatible">
<title>Backward incompatible changes</title>
<sect2 xml:id="migration72.incompatible.number_format-no-neg-zero">
<title>Prevent <function>number_format</function> from returning negative zero</title>
<para>
Previously, it was possible for the <function>number_format</function>
function to return <literal>-0</literal>. Whilst this is perfectly valid
according to the IEEE 754 floating point specification, this oddity was not
desirable for displaying formatted numbers in a human-readable form.
</para>
<informalexample>
<programlisting role="php">
<![CDATA[
<?php
var_dump(number_format(-0.01)); // now outputs string(1) "0" instead of string(2) "-0"
]]>
</programlisting>
</informalexample>
</sect2>
<sect2 xml:id="migration72.incompatible.object-array-casts">
<title>Convert numeric keys in object and array casts</title>
<para>
Numeric keys are now better handled when casting arrays to objects and
objects to arrays (either from explicit casting or by
<function>settype</function>).
</para>
<para>
This means that integer (or stringy integer) keys from arrays being casted
to objects are now accessible:
</para>
<informalexample>
<programlisting role="php">
<![CDATA[
<?php
// array to object
$arr = [0 => 1];
$obj = (object)$arr;
var_dump(
$obj,
$obj->{'0'}, // now accessible
$obj->{0} // now accessible
);
]]>
</programlisting>
&example.outputs;
<screen>
<![CDATA[
object(stdClass)#1 (1) {
["0"]=> // string key now, rather than integer key
int(1)
}
int(1)
int(1)
]]>
</screen>
</informalexample>
<para>
And integer (or stringy integer) keys from objects being casted to arrays
are now accessible:
</para>
<informalexample>
<programlisting role="php">
<![CDATA[
<?php
// object to array
$obj = new class {
public function __construct()
{
$this->{0} = 1;
}
};
$arr = (array)$obj;
var_dump(
$arr,
$arr[0], // now accessible
$arr['0'] // now accessible
);
]]>
</programlisting>
&example.outputs;
<screen>
<![CDATA[
array(1) {
[0]=> // integer key now, rather than string key
int(1)
}
int(1)
int(1)
]]>
</screen>
</informalexample>
</sect2>
<sect2 xml:id="migration72.incompatible.no-null-to-get_class">
<title>Disallow passing &null; to <function>get_class</function></title>
<para>
Previously, passing &null; to the <function>get_class</function> function
would output the name of the enclosing class. This behaviour has now been
removed, where an <constant>E_WARNING</constant> will be output instead. To
achieve the same behaviour as before, the argument should simply be omitted.
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.warn-on-non-countable-types">
<title>Warn when counting non-countable types</title>
<para>
An <constant>E_WARNING</constant> will now be emitted when attempting to
<function>count</function> non-countable types (this includes the
<function>sizeof</function> alias function).
</para>
<informalexample>
<programlisting role="php">
<![CDATA[
<?php
var_dump(
count(null), // NULL is not countable
count(1), // integers are not countable
count('abc'), // strings are not countable
count(new stdclass), // objects not implementing the Countable interface are not countable
count([1,2]) // arrays are countable
);
]]>
</programlisting>
&example.outputs;
<screen>
<![CDATA[
Warning: count(): Parameter must be an array or an object that implements Countable in %s on line %d
Warning: count(): Parameter must be an array or an object that implements Countable in %s on line %d
Warning: count(): Parameter must be an array or an object that implements Countable in %s on line %d
Warning: count(): Parameter must be an array or an object that implements Countable in %s on line %d
int(0)
int(1)
int(1)
int(1)
int(2)
]]>
</screen>
</informalexample>
</sect2>
<sect2 xml:id="migration72.incompatible.hash-ext-to-objects">
<title>Move ext/hash from resources to objects</title>
<para>
As part of the long-term migration away from resources, the <link linkend="book.hash">Hash</link>
extension has been updated to use objects instead of resources. The change should be
seamless for PHP developers, except for where
<function>is_resource</function> checks have been made (which will need
updating to <function>is_object</function> instead).
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.ssl-tls-defaults">
<title>Improve SSL/TLS defaults</title>
<para>
The following changes to the defaults have been made:
</para>
<itemizedlist>
<listitem>
<simpara>
<literal>tls://</literal> now defaults to TLSv1.0 or TLSv1.1 or TLSv1.2
</simpara>
</listitem>
<listitem>
<simpara>
<literal>ssl://</literal> an alias of <literal>tls://</literal>
</simpara>
</listitem>
<listitem>
<simpara>
<literal>STREAM_CRYPTO_METHOD_TLS_*</literal> constants default to TLSv1.0
or TLSv1.1 + TLSv1.2, instead of TLSv1.0 only
</simpara>
</listitem>
</itemizedlist>
</sect2>
<sect2 xml:id="migration72.incompatible.gettype-on-closed-resource">
<title><function>gettype</function> return value on closed resources</title>
<para>
Previously, using <function>gettype</function> on a closed resource would
return a string of <literal>"unknown type"</literal>. Now, a string of
<literal>"resource (closed)"</literal> will be returned.
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.is_object-on-incomplete_class">
<title><function>is_object</function> and <classname>__PHP_Incomplete_Class</classname></title>
<para>
Previously, using <function>is_object</function> on the
<classname>__PHP_Incomplete_Class</classname> class would return &false;.
Now, &true; will be returned.
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.undefined-constants">
<title>Promote the error level of undefined constants</title>
<para>
Unqualified references to undefined constants will now generate an
<constant>E_WARNING</constant> (instead of an <constant>E_NOTICE</constant>).
In the next major version of PHP, they will generate
<classname>Error</classname> exceptions.
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.windows-support">
<title>Windows support</title>
<para>
The officially supported, minimum Windows versions are now Windows 7/Server
2008 R2.
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.trait-properties">
<title>Checks on default property values of traits</title>
<para>
Compatibility checks upon default trait property values will no longer
perform casting.
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.object-reserved-word">
<title><literal>object</literal> for class names</title>
<para>
The <literal>object</literal> name was previously soft-reserved in PHP 7.0.
This is now hard-reserved, prohibiting it from being used as a class, trait,
or interface name.
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.netware-support">
<title>NetWare support</title>
<para>
Support for NetWare has now been removed.
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.array-unique">
<title><function>array_unique</function> with <constant>SORT_STRING</constant></title>
<para>
While <function>array_unique</function> with <constant>SORT_STRING</constant>
formerly copied the array and removed non-unique elements (without packing
the array afterwards), now a new array is built by adding the
unique elements. This can result in different numeric indexes.
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.bcmod-and-floats">
<title><function>bcmod</function> changes with floats</title>
<para>
The <function>bcmod</function> function no longer truncates fractional
numbers to integers. As such, its behavior now follows
<function>fmod</function>, rather than the <literal>%</literal> operator.
For example <literal>bcmod('4', '3.5')</literal> now returns
<literal>0.5</literal> instead of <literal>1</literal>.
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.hash-functions">
<title>Hashing functions and non-cryptographic hashes</title>
<para>
The <function>hash_hmac</function>, <function>hash_hmac_file</function>,
<function>hash_pbkdf2</function>, and <function>hash_init</function> (with
<constant>HASH_HMAC</constant>) functions no longer accept non-cryptographic
hashes.
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.json_decode-changes">
<title><function>json_decode</function> function options</title>
<para>
The <function>json_decode</function> function option,
<constant>JSON_OBJECT_AS_ARRAY</constant>, is now used if the second
parameter (assoc) is &null;. Previously,
<constant>JSON_OBJECT_AS_ARRAY</constant> was always ignored.
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.rand-mt_rand-output">
<title><function>rand</function> and <function>mt_rand</function> output</title>
<para>
Sequences generated by <function>rand</function> and
<function>mt_rand</function> for a specific seed may differ from PHP 7.1 on
64-bit machines (due to the fixing of a modulo bias bug in the
implementation).
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.sqlsafe_mode-ini-setting">
<title>Removal of <link linkend="ini.sql.safe-mode"><parameter>sql.safe_mode</parameter></link> ini setting</title>
<para>
The <parameter>sql.safe_mode</parameter> ini setting has now been removed.
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.date_parse_from_format">
<title>Changes to <function>date_parse</function> and <function>date_parse_from_format</function></title>
<para>
The <literal>zone</literal> element of the array returned by <function>date_parse</function> and
<function>date_parse_from_format</function> represents seconds instead of
minutes now, and its sign is inverted. For instance <literal>-120</literal>
is now <literal>7200</literal>.
</para>
</sect2>
<sect2 xml:id="migration72.incompatible.cookie-decode">
<title>Incoming Cookies</title>
<para>
As of PHP 7.2.34, the <emphasis>names</emphasis> of incoming cookies are no
longer url-decoded for security reasons.
</para>
</sect2>
</sect1>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->