Deprecate MYSQLI_IS_MARIADB

Closes GH-8919

Implement Random Extension

https://wiki.php.net/rfc/rng_extension
https://wiki.php.net/rfc/random_extension_improvement

GH-8344 Fetch properties of enums in const expressions

Add FILTER_FLAG_GLOBAL_RANGE to filter Global IPs as per RFC 6890

Add "error_log_mode" setting

Allow to not close stream on rscr dtor in php cli sapi

[ci skip] Add DNF types to UPRADING (#9031)

see #8725

Extend deprecation notices to is_callable($foo) and callable $foo

Implements https://wiki.php.net/rfc/partially-supported-callables-expand-deprecation-notices
so that uses of "self" and

Extend deprecation notices to is_callable($foo) and callable $foo

Implements https://wiki.php.net/rfc/partially-supported-callables-expand-deprecation-notices
so that uses of "self" and "parent" in is_callable() and callable
type constraints now raise a deprecation notice, independent of the
one raised when and if the callable is actually invoked.

A new flag is added to the existing check_flags parameter of
zend_is_callable / zend_is_callable_ex, for use in internal calls
that would otherwise repeat the notice multiple times. In particular,
arguments to internal function calls are checked first based on
arginfo, and then again during ZPP, so the former suppresses the
deprecation notice.

Some existing tests which raised this deprecation have been updated
to avoid the syntax, but the existing version retained for maximum
regression coverage until it is made an error.

With thanks to Juliette Reinders Folmer for the RFC and initial
investigation.

Closes GH-8823.

show more ...

Fix GH-8750: Can not create VT_ERROR variant type

We add support for creating `VT_ERROR` variants via `__construct()`,
and allow casting to int via `variant_cast()` and `variant_set_type

Fix GH-8750: Can not create VT_ERROR variant type

We add support for creating `VT_ERROR` variants via `__construct()`,
and allow casting to int via `variant_cast()` and `variant_set_type()`.
We do not, however, allow type conversion by other means, to avoid
otherwise easily introduced type confusion. VB(A) also only allows
explicit type conversion.

We also introduce `DISP_E_PARAMNOTFOUND` which might be the most
important `scode` for this purpose, since this allows to skip optional
parameters in method calls.

Closes GH-8886.

show more ...

NEWS/UPGRADING changes

[ci skip] NEWS

Fix GH-8924 str_split of empty string must return empty array

Closes #8945.

Update UPGRADING

[ci skip] Fix typo

Fix GH-8907: Document forgotten API changes.

binary safe string comparisons and recent socket option addition.

Closes #8910.

[ci skip] NEWS and UPGRADING

[ci skip] Add true type support to UPGRADING file

Closes GH-8826.

Implement #77726: Allow null character in regex patterns

In 8b3c1a3, this was disallowed to fix #55856, which was a security
issue caused by the /e modifier. The fix that was made was th

Implement #77726: Allow null character in regex patterns

In 8b3c1a3, this was disallowed to fix #55856, which was a security
issue caused by the /e modifier. The fix that was made was the
"Easier fix" as described in the original report.

With this fix, pattern strings are no longer treated as null terminated,
so null characters can be placed inside and matched against with regex
patterns without security problems, so there is no longer a reason to
give the error. Allowing this is consistent with the behaviour of many
other languages, including JavaScript, and thanks to PCRE2[0], it does
not require manually escaping null characters. Now that we can avoid the
error here without the cost of escaping characters, there is really no
need anymore to stray here from the conventional behaviour.

Currently, null characters are still disallowed before the first
delimiter and in the options section at the end of a regex string, but
these error messages have been updated.

[0] Since PCRE2, pattern strings no longer have to be null terminated,
and raw null characters match as normal.

Closes GH-8114.

show more ...

Deprecate zend_atol() / add zend_ini_parse_quantity() (#7951)

Add zend_ini_parse_quantity() and deprecate zend_atol(), zend_atoi()

zend_atol() and zend_atoi() don't just do number p

Deprecate zend_atol() / add zend_ini_parse_quantity() (#7951)

Add zend_ini_parse_quantity() and deprecate zend_atol(), zend_atoi()

zend_atol() and zend_atoi() don't just do number parsing.
They also check for a 'K', 'M', or 'G' at the end of the string,
and multiply the parsed value out accordingly.

Unfortunately, they ignore any other non-numerics between the
numeric component and the last character in the string.
This means that numbers such as the following are both valid
and non-intuitive in their final output.

* "123KMG" is interpreted as "123G" -> 132070244352
* "123G " is interpreted as "123 " -> 123
* "123GB" is interpreted as "123B" -> 123
* "123 I like tacos." is also interpreted as "123." -> 123

Currently, in php-src these functions are used only for parsing ini values.

In this change we deprecate zend_atol(), zend_atoi(), and introduce a new
function with the same behavior, but with the ability to report invalid inputs
to the caller. The function's name also makes the behavior less unexpected:
zend_ini_parse_quantity().

Co-authored-by: Sara Golemon <pollita@php.net>

show more ...

Add new curl_upkeep() function

Expose new constants from libcurl 7.62 to 7.80

Add deprecation notices to utf8_encode and utf8_decode

Implements initial stage of accepted RFC to remove them:
https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode

Tests

Add deprecation notices to utf8_encode and utf8_decode

Implements initial stage of accepted RFC to remove them:
https://wiki.php.net/rfc/remove_utf8_decode_and_utf8_encode

Tests relating to SOAP and htmlspecialchars seem to have been
using this entirely unnecessarily, so have been fixed.

Closes GH-8726.

show more ...

Add `SO_SETFIB` FreeBSD socket option constant.

Aims to set the route table.
Closes #8742.

Remove internal usage of SplFileInfo::_bad_state_ex() method (#8318)

* Use standard VM handling instead
* Deprecate the method as it is now useless

Add `SO_BPF_EXTENSIONS` flag to socket.

Returns the supported bpf extensions from the kernel. Linux only.
Closes GH-8713.