Change int parameter types to bool when the parameter behaves as bool

Closes GH-6148

Remove deprecated pgsql signatures

As the comment indicates, these are deprecated in PHP 4.2...

Remove deprecated multi-parameter form of pg_connect()

Allow array_diff() and array_intersect() with single array argument

Both of these functions are well-defined when used with a single
array argument -- rejecting this case was an artifici

Allow array_diff() and array_intersect() with single array argument

Both of these functions are well-defined when used with a single
array argument -- rejecting this case was an artificial limitation.
This is not useful when called with explicit arguments, but removes
edge-cases when used with argument unpacking:

// OK even if $excludes is empty.
array_diff($array, ...$excludes);

// OK even if $arrays contains a single array only.
array_intersect(...$arrays);

This matches the behavior of functions like array_merge() and
array_push(), which also allow calls with no array or a single
array respectively.

Closes GH-6097.

show more ...

Improve error messages mentioning parameters instead of arguments

Closes GH-5999

Require $method parameter in openssl_seal/openssl_open

RC4 is considered insecure, and it's not possible to change the
default of these functions. As such, require the method to be
p

Require $method parameter in openssl_seal/openssl_open

RC4 is considered insecure, and it's not possible to change the
default of these functions. As such, require the method to be
passed explicitly.

Closes GH-6093.

show more ...

Drop support for crypt() without explicit salt

crypt() without salt generates a weak $1$ MD5 hash. It has been
throwing a notice since 2013 and we provide a much better alternative
i

Drop support for crypt() without explicit salt

crypt() without salt generates a weak $1$ MD5 hash. It has been
throwing a notice since 2013 and we provide a much better alternative
in password_hash() (which can auto-generate salts for strong
password hashes), so keeping this is just a liability.

show more ...

Update NEWS, UPGRADING

Fix #55847: DOTNET .NET 4.0 GAC new location

If we do not specify the exact version of the .NET framework to use,
the default CLR is loaded, which is typically CLR 2, which is very old.

Fix #55847: DOTNET .NET 4.0 GAC new location

If we do not specify the exact version of the .NET framework to use,
the default CLR is loaded, which is typically CLR 2, which is very old.
Therefore, we introduce a `PHP_INI_SYSTEM` setting, which allows users
to choose the desired .NET framework version. The value of the setting
are the first three parts of the framework's version number, separated
by dots, and prefixed with "v", e.g. "v4.0.30319". If the value of the
INI setting is `NULL` (the default) or an empty string, the default CLR
is used.

Internally, we switch from the most generic `CoCreateInstance()` to
`CorBindToRuntime()` which is implemented in mscoree.dll. To avoid the
hard dependency to that library, we load dynamically.

So this fix is supposed to be fully backwards compatible.

Closes GH-5949

show more ...

OCI8 classes were already renamed in 8; this now follows the new-new standard

Fix more basic function stubs

User-defined functions can't have multiple parameters with the same name.
Don't do that for var_dump/debug_zval_dump.

Consistently use array $array

Fix more basic function stubs

User-defined functions can't have multiple parameters with the same name.
Don't do that for var_dump/debug_zval_dump.

Consistently use array $array to match docs

Fix typo in UPGRADING

Fixes GH-6015

show more ...

Fix #79988: new reserved keyword `match` is a backward incompatible change

Expand upgrading note for namespaced name change

Mention the case from bug #79942.

[ci skip]

Revert "Prepare for PHP 8.1"

This reverts commit 1ab4d0e6b7abb67d5a01ce3327bf973772271fb2.
This reverts commit a359635cb1a4df8b5137a506c88c4cb102acac0e.

Prepare for PHP 8.1

Add upgrading note for the resource to object migration in ext/sockets

Minor grammar/consistency fixes in upgrade guide

[ci skip]

Deprecate libxml_disable_entity_loader()

This method was used to protect code against XXE processing attacks.
Since PHP now requires libxml >= 2.9.0 external entity loading no longer

Deprecate libxml_disable_entity_loader()

This method was used to protect code against XXE processing attacks.
Since PHP now requires libxml >= 2.9.0 external entity loading no longer
needs to be disabled to prevent these attacks. It is disabled by default.
Also, the method has an unwanted side effect that causes a lot of
confusion: Parsing XML data from resources like files is no longer possible.

Closes GH-5867.

show more ...

Bump libxml version requirement 2.7.6 => 2.9.0

Since libxml version 2.9.0 external entity loading is disabled by default.
Bumping the version requirement means that XML processing in PHP

Bump libxml version requirement 2.7.6 => 2.9.0

Since libxml version 2.9.0 external entity loading is disabled by default.
Bumping the version requirement means that XML processing in PHP is no
longer vulnerable to XXE processing attacks by default.

show more ...

FPM: Add pm.status_listen option

This option allows getting status from different endpoint (e.g. port
or UDS file) which is useful for getting status when all children are
busy with

FPM: Add pm.status_listen option

This option allows getting status from different endpoint (e.g. port
or UDS file) which is useful for getting status when all children are
busy with serving long running requests.

Internally a new shared pool with ondemand process manager is used. It
means that the status requests have reserved resources and should not
be blocked by other requests.

show more ...

[RFC] Only unserialize Phar metadata when getMetadata() is called

In other words, don't automatically unserialize when the magic
phar:// stream wrappers are used.
RFC: https://wiki.p

[RFC] Only unserialize Phar metadata when getMetadata() is called

In other words, don't automatically unserialize when the magic
phar:// stream wrappers are used.
RFC: https://wiki.php.net/rfc/phar_stop_autoloading_metadata

Also, change the signature from `getMetadata()`
to `getMetadata(array $unserialize_options = [])`.
Start throwing earlier if setMetadata() is called and serialization threw.

See https://externals.io/message/110856 and
https://bugs.php.net/bug.php?id=76774

This was refactored to add a phar_metadata_tracker for the following reasons:
- The way to properly copy a zval was previously implicit and undocumented
(e.g. is it a pointer to a raw string or an actual value)
- Avoid unnecessary serialization and unserialization in the most common case
- If a metadata value is serialized once while saving a new/modified phar file,
this allows reusing the same serialized string.
- Have as few ways to copy/clone/lazily parse metadata (etc.) as possible,
so that code changes can be limited to only a few places in the future.
- Performance is hopefully not a concern - copying a string should be faster
than unserializing a value, and metadata should be rare in most cases.

Remove unnecessary skip in a test(Compression's unused)

Add additional assertions about usage of persistent phars

Improve robustness of `Phar*->setMetadata()`

- Add sanity checks for edge cases freeing metadata, when destructors
or serializers modify the phar recursively.
- Typical use cases of php have phar.readonly=1 and would not be affected.

Closes GH-5855

show more ...

Make http stream wrapper advertise HTTP/1.1 by default

In practice, we always act as an HTTP/1.1 client, for compatibility
with servers which ignore protocol version. Sending the version

Make http stream wrapper advertise HTTP/1.1 by default

In practice, we always act as an HTTP/1.1 client, for compatibility
with servers which ignore protocol version. Sending the version in
the request will avoid problems with servers which don't ignore it.

HTTP/1.0 can still be forced using a stream context option.

Closes GH-5899.

show more ...

Merge branch 'levim/assert-throw'

This changes assert.exception to default to 1, or on by default.
Closes GH-5925.

Promote "undefined array key" notice to warning

This implements the last remaining part of the
https://wiki.php.net/rfc/engine_warnings RFC.

Closes GH-5927.

datetime: new format "p", same as "P" but returning "Z" for UTC