From: Bob Weinand Date: Thu, 1 May 2014 10:30:46 +0000 (+0200) Subject: Merge branch 'PHP-5.6' X-Git-Tag: PRE_PHPNG_MERGE~325 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e0b9e5249c6b19f3fc919e1e4e1c3409643efebe;p=php Merge branch 'PHP-5.6' --- e0b9e5249c6b19f3fc919e1e4e1c3409643efebe diff --cc UPGRADING index 4c49485725,d68bafde57..740047a86a --- a/UPGRADING +++ b/UPGRADING @@@ -28,29 -65,221 +28,29 @@@ PHP X.Y UPGRADE NOTE 2. New Features ======================================== -- Added constant scalar expressions syntax. - (https://wiki.php.net/rfc/const_scalar_exprs) - -- Added dedicated syntax for variadic functions. - (https://wiki.php.net/rfc/variadics) - -- Added support for argument unpacking to complement the variadic syntax. - (https://wiki.php.net/rfc/argument_unpacking) - -- Added an exponentiation operator (**). - (https://wiki.php.net/rfc/pow-operator) - -- Added unified default encoding. default_charset=UTF-8 and functions/extensions - use encoding settings honor default_charset. - -- The php://input stream is now re-usable and can be used concurrently with - enable_post_data_reading=0. - -- Added use function and use const. - (https://wiki.php.net/rfc/use_function) - -- Added a function for timing attack safe string comparison - (https://wiki.php.net/rfc/timing_attack) - -- Added gost-crypto (CryptoPro S-box) hash algorithm. - -- Stream wrappers verify peer certificates and host names by default in - encrypted client streams. - -- Added openssl certificate fingerprint support (inclusive stream context - option). - -- Added support for SAN x509 extension matching when verifing host names in - encrypted streams. - -- Added a range of new SSL context options for improved encrypted stream - server security (https://wiki.php.net/rfc/improved-tls-defaults): - - . "honor_cipher_order" allows servers to prioritize cipher suites of their - choosing when negotiating SSL/TLS handshakes. - . "single_ecdh_use" and "single_dh_use" allow for improved forward - secrecy in encrypted stream servers. - . "dh_param" allows specification of pre-generated key generation - parameters when negotiating ephemeral DHE ciphers in stream servers. - . "ecdh_curve" allows stream servers to specify which curve to use when - negotiating ephemeral ECDHE ciphers (defaults to NIST P-256). - . "rsa_key_size" SSL context option gives stream servers control - over the key size (in bits) used when negotiating RSA ciphers. - . "capture_session_meta" if specified stores an array of data describing - the TLS session's protocol/cipher in the "session_meta" SSL context key. - -- Added automatic mitigation against client-initated TLS renegotiation DoS - attacks in encrypted server streams. Renegotiation limiting may be - customized via three new SSL context options: - - . "reneg_limit" (number of allowed renegotiations per time window) - . "reneg_window" (renegotiation time window in seconds) - . "reneg_limit_callback" (optional notification callback on limiting) - -- Encrypted TLS servers now support the server name indication (SNI) TLS - extension via the new "SNI_server_certs" SSL context option. - -- Added "crypto_method" SSL context option for use in encrypted streams. - -- Added "peer_name" SSL context option to better reflect peer certificate - name matching using SAN extension (replaces deprecated "CN_match"). - -- Added stream wrapper support when specifying "cafile" SSL context paths. - -- Independent peer cert and peer name validation is now available via a new - boolean "verify_peer_name" SSL context option. This option is enabled by - default in encrypted client streams. - -- Added protocol-specific tlsv1.0://, tlsv1.1:// and tlsv1.2:// encryption - stream wrappers. tls:// wrapper now supports TLSv1.1 and TLSv1.2 (previously - only supported TLSv1). - -- Stream crypto method specification now accepts flags instead of values - allowing support for multiple discrete protocols in a given stream. - -- PostgreSQL database connections may now be established asynchronously using - new constants and polling functions in ext/pgsql. - -- Non-blocking read/write query behavior now optionally available in database - operations using the ext/pgsql extension. ======================================== - 2. Changes in SAPI modules + 3. Changes in SAPI modules ======================================== -- Added phpdbg SAPI. - (https://wiki.php.net/rfc/phpdbg) - -- Support for FPM workers changing the apparmor profile through the pool configuration. - (https://wiki.php.net/rfc/fpm_change_hat) - -- Support for several XML MIME types in the built-in CLI server. For static - files with extensions .xml, .xsl, .xsd the Content-Type header - application/xml is now sent automatically. ======================================== - 3. Deprecated Functionality + 4. Deprecated Functionality ======================================== -- Incompatible context calls: - Instance calls from an incompatible context are now deprecated and issue - E_DEPRECATED instead of E_STRICT. See https://wiki.php.net/rfc/incompat_ctx - -- The "CN_match" and "SNI_server_name" SSL context options are deprecated in - favor of the new "peer_name" option. Name verification now checks certificate - SAN names as well as the CN field and the specific name fields are deprecated - to avoid confusion. Their use triggers E_DEPRECATED but continues to work as - before. If specified, the specific values take precedence over the general - "peer_name" value. - -- Deprecated PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT, an - undocument constant effectively equivalent to PDO::ATTR_EMULATE_PREPARES. - -- Deprecated INIs: Following INIs are deprecated in favour of new - internal_encoding/input_encoding/output_encoding. Refer to "Changes to - encodings in PHP 5.6" in "11. Other Changes" section for more details. - - iconv.input_encoding - iconv.output_encoding - iconv.internal_encoding - mbstring.http_input - mbstring.http_output - mbstring.internal_encoding ======================================== - 4. Changed Functions + 5. Changed Functions ======================================== -- cURL: - CURLOPT_SAFE_UPLOAD is now turned on by default and uploads with @file - do not work unless it is explicitly set to false. - - curl_setopt() now supports the following nullable settings (>= 5.5.11): - . CURLOPT_CUSTOMREQUEST - . CURLOPT_FTPPORT - . CURLOPT_RANGE - . CURLOPT_FTP_ACCOUNT - . CURLOPT_RTSP_SESSION_ID - . CURLOPT_KRBLEVEL - . CURLOPT_KRB4LEVEL - -- Strings: - substr_compare() now allows $length to be zero. - -- Crypt: - crypt() will now raise an E_NOTICE error if the salt parameter is omitted. - See: https://wiki.php.net/rfc/crypt_function_salt - -- Mcrypt: - The $source parameter of mcrypt_create_iv() now defaults to - MCRYPT_DEV_URANDOM instead of MCRYPT_DEV_RANDOM. - -- XMLReader: - XMLReader::getAttributeNs and XMLReader::getAttributeNo now return NULL if - the attribute could not be found, just like XMLReader::getAttribute. - -- Pgsql: - pg_insert()/pg_select()/pg_update()/pg_delete() are no longer EXPERIMENTAL. - The following functions no longer block until query write completion if the - socket stream underlying a database connection is set to non-blocking mode: - . pg_send_execute() - . pg_send_prepare() - . pg_send_query() - . pg_send_query_params() - -- unserialize: - Manipulated serialization strings for objects implementing Serializable by - replacing "C:" with "O:" at the start will now produce an error. ======================================== - 5. New Functions + 6. New Functions ======================================== -- GMP: - Added gmp_root($a, $nth) and gmp_rootrem($a, $nth) for calculating nth roots. - -- Hash - Added hash_equals($known_string, $user_string) - -- OpenSSL: - Added string openssl_x509_fingerprint($x509, $type, $binary). - Added string openssl_spki_new($private_key, $challenge, $algorithm) - Added bool openssl_spki_verify($spkac) - Added string openssl_spki_export($spkac) - Added string openssl_spki_export_challenge($spkac) - Added array openssl_get_cert_locations() - -- LDAP: - Added ldap_escape($value, $ignore = "", $flags = 0). - Added ldap_modify_batch($link_identifier, $dn, $modifications) described in - https://wiki.php.net/rfc/ldap_modify_batch. - -- Pgsql: - Added pg_socket($connection) to allow async connections and non-blocking IO - Added pg_connect_poll($connection) for establishing async connections - Added pg_consume_input($connection) for non-blocking query result consumption - Added pg_flush($connection) for non-blocking query write completion - -- PDO_pgsql - Added PDO::pgsqlGetNotify($result_type = PDO::FETCH_USE_DEFAULT, $ms_timeout = 0) - Added PDO::pgsqlGetPid() - -- Zip: - Added ZipArchive::setPassword($password) - -- SPL - Added SplFileObject::fread($length) to complement fwrite() method (>= 5.5.11) ======================================== - 6. New Classes and Interfaces + 7. New Classes and Interfaces ======================================== @@@ -60,23 -289,184 +60,23 @@@ ======================================== - 8. Other Changes to Extensions + 9. Other Changes to Extensions ======================================== -- cURL: - - The following constants have been removed as they are now marked "obsolete" - in the underlying library and never had any effect to begin with: - . CURLOPT_CLOSEPOLICY - . CURLCLOSEPOLICY_CALLBACK - . CURLCLOSEPOLICY_LEAST_RECENTLY_USED - . CURLCLOSEPOLICY_LEAST_TRAFFIC - . CURLCLOSEPOLICY_OLDEST - . CURLCLOSEPOLICY_SLOWEST - -- GMP: - The GMP extension now uses objects as the underlying data structure, rather - than resources. GMP instances now support dumping, serialization, cloning, - casts to primitive types and have overloaded operators. - (RFC: https://wiki.php.net/rfc/operator_overloading_gmp) - -- OCI8: - - Added Implicit Result Set support for Oracle Database 12c with a - new oci_get_implicit_resultset() function. - - Using 'oci_execute($s, OCI_NO_AUTO_COMMIT)' for a SELECT no longer - unnecessarily initiates an internal ROLLBACK during connection - close. - - Multi-row OCI_RETURN_LOB queries require fewer "round trips" to the database. - - Added DTrace probes enabled with PHP's generic --enable-dtrace - - The oci_internal_debug() function is now a no-op. - - The phpinfo() output format for OCI8 has changed. - -- OpenSSL: - - The "SNI_enabled" SSL stream context option is now set to TRUE by default - if supported by the underlying openssl library. - -- PCRE: - - The information collected by the (*MARK) backtracking control verb is now - collected into the "MARK" index of the $matches array for preg_match(), - preg_match_all() and preg_replace_callback(). - -- Pgsql: - - pg_insert()/pg_select()/pg_update()/pg_delete()/pg_meta_data()/pg_convert() - are no longer EXPERIMENTAL - - Added PGSQL_DML_ESCAPE option for pg_insert()/pg_select()/pg_update()/pg_delete() - that simply escapes all supplied parameters. These functions can be as fast as - native query. Unvalidated data(Unknown data types) is passed as string. - JSON/Array/etc are supported both PGSQL_DML_ESCAPE and pg_convert() as string. - - pg_select() returns PostgreSQL query resource when query is executed. - - Added extended flag parameter for pg_meta_data(). pg_meta_data() always - returns "is enum" attribute. - - The new pg_socket() function returns a socket stream with no behavior other - than to allow IO-readiness polling on a DB connection socket. Calling - stream_set_blocking() on its result enables non-blocking behavior. - - Passing the new PGSQL_CONNECT_ASYNC flag to pg_connect() allows applications - to poll for IO readiness via pg_connect_poll() and establish connections - asynchronously. - -- PDO_pgsql: - - Added PDO::PGSQL_ATTR_DISABLE_PREPARES constant to execute the queries - without preparing them, while still passing parameters separately from - the command text using PQexecParams. - - Added LISTEN/NOTIFY support via PDO::pgsqlGetNotify / PDO::pgsqlGetPid() - as described in https://bugs.php.net/bug.php?id=42614. ======================================== - 9. New Global Constants + 10. New Global Constants ======================================== -- LDAP: - LDAP_ESCAPE_FILTER int(1) - LDAP_ESCAPE_DN int(2) - -- Pgsql: - PGSQL_DML_ESCAPE int(4096) - PGSQL_CONNECT_ASYNC - PGSQL_CONNECTION_STARTED - PGSQL_CONNECTION_MADE - PGSQL_CONNECTION_AWAITING_RESPONSE - PGSQL_CONNECTION_AUTH_OK - PGSQL_CONNECTION_SSL_STARTUP - PGSQL_CONNECTION_SETENV - PGSQL_POLLING_FAILED - PGSQL_POLLING_READING - PGSQL_POLLING_WRITING - PGSQL_POLLING_OK - PGSQL_POLLING_ACTIVE - -- OpenSSL: - STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT int(9) - STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT int(17) - STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT int(33) - STREAM_CRYPTO_METHOD_ANY_CLIENT int(63) - STREAM_CRYPTO_METHOD_TLSv1_0_SERVER int(8) - STREAM_CRYPTO_METHOD_TLSv1_1_SERVER int(16) - STREAM_CRYPTO_METHOD_TLSv1_2_SERVER int(32) - STREAM_CRYPTO_METHOD_ANY_SERVER int(62) - OPENSSL_DEFAULT_STREAM_CIPHERS string ======================================== - 10. Changes to INI File Handling + 11. Changes to INI File Handling ======================================== -- Core: - Changed always_populate_raw_post_data to throw a deprecation warning when - enabled and to recognize the value -1 for never populating the global - $HTTP_RAW_POST_DATA variable, which will be default in future PHP versions. - - default_charset is set to UTF-8. It was empty previously. default_charset - is used where it is applicable. Iconv/Mbstring/htmlentities/htmlspecialchars/ - html_entity_decode use default_charset as default encoding. - - internal_encoding/input_encoding/output_encoding is added for encoding - handling modules. Refer to "Changes to encodings in PHP 5.6" in "11. Other Changes" - section for more details. - -- cURL: - If the new openssl.cafile ini directive is specified ext/curl will give the - openssl path precedence over its own curl.cainfo directive. - -- OpenSSL: - openssl.cafile and openssl.capath ini directives have been added to allow - global CA default specification as necessary. ======================================== - 11. Other Changes + 12. Other Changes ======================================== -- File upload: - Uploads equal or greater than 2GB in size are now accepted. - -- HTTP stream wrapper: - HTTP 1.1 requests now include a Connection: close header unless explicitly - overridden by setting a Connection header via the header context option. - -- PDO_pgsql - A libpq version providing PQexecParams, PQprepare, PQescapeStringConn, - PQescapeByteaConn is now required. According to the release notes that means - 8.0.8+ or 8.1.4+. - -- Zip: - New --with-libzip option allow to use system libzip. Version > 0.11 required, - Version >= 0.11.2 recommended for all features. - -- Changes to encodings in PHP 5.6 - The default value of default_charset is now UTF-8 when it is not - explicitly set in php.ini - - The following php.ini parameters were added: - internal_encoding - input_encoding - output_encoding - - The values of the following php.ini parameters have become empty in - PHP 5.6 (previously they were all ISO-8859-1) - - iconv.input_encoding - iconv.output_encoding - iconv.internal_encoding - - Changes were made to character set handling in: - - the iconv and mbstring extensions, - - and htmlentities(), htmlspecialchars(), html_entity_decode() functions - - The precedence for these is now: - - default_charset < internal/input/output_encoding < (mbstring.* || iconv.*) < function parameter - - For example, the easiest way to use the UTF-8 encoding is to set - default_charset=UTF-8 and leave the following php.ini parameters - - empty: - - iconv.input_encoding - iconv.output_encoding - iconv.internal_encoding - mbstring.http_input - mbstring.http_output - mbstring.internal_encoding - internal_encoding - input_encoding - output_encoding - +- Standard + . call_user_method() and call_user_method_array() no longer exists.