#
dfa6c204 |
| 28-Jan-2019 |
Christoph M. Becker |
Remove deprecated image2wbmp() Cf. <https://wiki.php.net/rfc/image2wbmp>. |
#
e1181511 |
| 28-Jan-2019 |
Nikita Popov |
Clear NEWS, UPGRADING and UPGRADING.INTERNALS |
#
b1e9c73b |
| 29-Dec-2018 |
Andreas Treichel |
Allow strip_tags with an array of allowed tagnames |
#
89a4c172 |
| 22-Jan-2019 |
Nikita Popov |
Remove the "o" serialization format We never generate the "o" format during serialization, so let's not keep this unnecessary attack surface around. |
#
a50198d0 |
| 15-Jan-2019 |
Nikita Popov |
Implement ??= operator RFC: https://wiki.php.net/rfc/null_coalesce_equal_operator $a ??= $b is $a ?? ($a = $b), with the difference that $a is only evaluated once, to the degree
Implement ??= operator RFC: https://wiki.php.net/rfc/null_coalesce_equal_operator $a ??= $b is $a ?? ($a = $b), with the difference that $a is only evaluated once, to the degree that this is possible. In particular in $a[foo()] ?? $b function foo() is only ever called once. However, the variable access themselves will be reevaluated.
show more ...
|
#
36c82557 |
| 21-Jan-2019 |
Christoph M. Becker |
[ci skip] Note preloading and ext/ffi in UPGRADING |
#
570d4311 |
| 21-Jan-2019 |
Christoph M. Becker |
Use pkg-config to detect and configure for system libgd Formerly, a single option `--with-gd` was sufficient to enable the extension, and to determine whether to use the system or the bu
Use pkg-config to detect and configure for system libgd Formerly, a single option `--with-gd` was sufficient to enable the extension, and to determine whether to use the system or the bundled libgd depending on whether a directory was passed. Since pkg-config determines the path automatically, we now offer `--enable-gd` (whether the extension should be build) and `--with-external-gd` (whether to use the system libgd).
show more ...
|
#
58a2ced0 |
| 19-Jan-2019 |
Tyson Andre |
[ci skip] Fix typos in UPGRADING |
#
48ca2c08 |
| 15-Jan-2019 |
Nikita Popov |
Document pkg-config related changes Creating a separate section in UPGRADING for this, as there are a lot of these, and there's going to be more of them. |
#
e219ec14 |
| 07-Jan-2019 |
Nikita Popov |
Implement typed properties RFC: https://wiki.php.net/rfc/typed_properties_v2 This is a squash of PR #3734, which is a squash of PR #3313. Co-authored-by: Bob Weinand <bobwe
Implement typed properties RFC: https://wiki.php.net/rfc/typed_properties_v2 This is a squash of PR #3734, which is a squash of PR #3313. Co-authored-by: Bob Weinand <bobwei9@hotmail.com> Co-authored-by: Joe Watkins <krakjoe@php.net> Co-authored-by: Dmitry Stogov <dmitry@zend.com>
show more ...
|
#
74c0e580 |
| 19-Nov-2018 |
Sammy Kaye Powers |
Improve openssl_random_pseudo_bytes() CSPRNG implementations should always fail closed. Now openssl_random_pseudo_bytes() will fail closed by throwing an `\Exception` in fail conditi
Improve openssl_random_pseudo_bytes() CSPRNG implementations should always fail closed. Now openssl_random_pseudo_bytes() will fail closed by throwing an `\Exception` in fail conditions. RFC: https://wiki.php.net/rfc/improve-openssl-random-pseudo-bytes
show more ...
|
#
3c9af309 |
| 29-Dec-2018 |
Andreas Treichel |
Preserve aspect ratio for width or height |
#
a9e66678 |
| 04-Jan-2019 |
Nikita Popov |
Detect invalid uses of parent:: during compilation We already detect the case where we're entirely outside a class -- now also check whether there actually is a parent. This is
Detect invalid uses of parent:: during compilation We already detect the case where we're entirely outside a class -- now also check whether there actually is a parent. This is a minor BC break, in that code that was never executed might have previously contained an invalid parent:: reference without generating an error.
show more ...
|
#
f1c0e671 |
| 26-Dec-2018 |
Nikita Popov |
Add performance improvement section to UPGRADING [ci skip] |
#
285a077c |
| 07-Nov-2018 |
Eli Schwartz |
ext/gd: use --with instead of --enable By convention it probably makes sense to stick with this even when dropping the *-dir=DIR part. See: https://github.com/php/php-src/pu
ext/gd: use --with instead of --enable By convention it probably makes sense to stick with this even when dropping the *-dir=DIR part. See: https://github.com/php/php-src/pull/3632#discussion_r229474568 https://autotools.io/autoconf/arguments.html
show more ...
|
#
82af24f2 |
| 18-Oct-2018 |
BohwaZ |
Implement SQLite3Stmt::getSQL method, returning the original statement SQL, eventually expanded |
#
3b0f0511 |
| 02-Dec-2018 |
Christoph M. Becker |
Allow empty $escape to eschew escaping CSV Albeit CSV is still a widespread data exchange format, it has never been officially standardized. There exists, however, the “informational” R
Allow empty $escape to eschew escaping CSV Albeit CSV is still a widespread data exchange format, it has never been officially standardized. There exists, however, the “informational” RFC 4180[1] which has no notion of escape characters, but rather defines `escaped` as strings enclosed in double-quotes where contained double-quotes have to be doubled. While this concept is supported by PHP's implementation (`$enclosure`), the `$escape` sometimes interferes, so that `fgetcsv()` is unable to correctly parse externally generated CSV, and `fputcsv()` is sometimes generating non-compliant CSV. Since PHP's `$escape` concept is availble for many years, we cannot drop it for BC reasons (even though many consider it as bug). Instead we allow to pass an empty string as `$escape` parameter to the respective functions, which results in ignoring/omitting any escaping, and as such is more inline with RFC 4180. It is noteworthy that this is almost no userland BC break, since formerly most functions did not accept an empty string, and failed in this case. The only exception was `str_getcsv()` which did accept an empty string, and used a backslash as escape character then (which appears to be unintended behavior, anyway). The changed functions are `fputcsv()`, `fgetcsv()` and `str_getcsv()`, and also the `::setCsvControl()`, `::getCsvControl()`, `::fputcsv()`, and `::fgetcsv()` methods of `SplFileObject`. The implementation also changes the type of the escape parameter of the PHP_APIs `php_fgetcsv()` and `php_fputcsv()` from `char` to `int`, where `PHP_CSV_NO_ESCAPE` means to ignore/omit escaping. The parameter accepts the same values as `isalpha()` and friends, i.e. “the value of which shall be representable as an `unsigned char` or shall equal the value of the macro `EOF`. If the argument has any other value, the behavior is undefined.” This is a subtle BC break, since the character `chr(128)` has the value `-1` if `char` is signed, and so likely would be confused with `EOF` when converted to `int`. We consider this BC break to be acceptable, since it's rather unlikely that anybody uses `chr(128)` as escape character, and it easily can be fixed by casting all `escape` arguments to `unsigned char`. This patch implements the feature requests 38301[2] and 51496[3]. [1] <https://tools.ietf.org/html/rfc4180> [2] <https://bugs.php.net/bug.php?id=38301> [3] <https://bugs.php.net/bug.php?id=51496>
show more ...
|
#
8c781c1c |
| 12-Dec-2018 |
Christoph M. Becker |
Resolve imagecropauto() default $mode quirk The `$mode` parameter of `imagecropauto()` defaults to `-1`. However, `-1` is changed to `GD_CROP_DEFAULT` right away, so basically the d
Resolve imagecropauto() default $mode quirk The `$mode` parameter of `imagecropauto()` defaults to `-1`. However, `-1` is changed to `GD_CROP_DEFAULT` right away, so basically the default is `GD_CROP_DEFAULT`, which is rather confusing and unnecessary. Therefore, we change the default to `IMG_CROP_DEFAULT`, but still allow an explicit `-1` to be passed for BC reasons, in which case we trigger a deprecation notice, so we can rid the `-1` support eventually.
show more ...
|
#
f0f4ab4b |
| 01-Dec-2018 |
Christoph M. Becker |
[ci skip] Fix names of the constants `GD_CROP_DEFAULT` and `GD_CROP_SIDES` are names of libgd constants, and as such they are not relevant for userland developers. Therefore, we rep
[ci skip] Fix names of the constants `GD_CROP_DEFAULT` and `GD_CROP_SIDES` are names of libgd constants, and as such they are not relevant for userland developers. Therefore, we replace them by the constant names of our wrapper, i.e. `IMG_CROP_DEFAULT` and `IMG_CROP_SIDES`, respectively.
show more ...
|
#
dcad13e8 |
| 25-Nov-2018 |
Christoph M. Becker |
Fix #73291: imagecropauto() $threshold differs from external libgd Since upstream does not appear to move in any way[1], we sync our behavior. Even though the BC break is ugly (which is
Fix #73291: imagecropauto() $threshold differs from external libgd Since upstream does not appear to move in any way[1], we sync our behavior. Even though the BC break is ugly (which is the reason we target master only), having to deal with different algorithms is even worse for portable userland code. [1] <https://github.com/libgd/libgd/issues/334>
show more ...
|
#
947ca9f4 |
| 25-Nov-2018 |
Christoph M. Becker |
Sync behavior of gdImageAutoCrop() with upstream Since cropping support has been added to our bundled libgd, `gdImageAutoCrop` differs from upstream in that `GD_CROP_DEFAULT` falls b
Sync behavior of gdImageAutoCrop() with upstream Since cropping support has been added to our bundled libgd, `gdImageAutoCrop` differs from upstream in that `GD_CROP_DEFAULT` falls back on `GD_CROP_SIDES` if there is no transparent color in the image. While this difference seem to be a useful improvement in our bundled libgd, upstream has not yet signaled that there willing to back-port it[1], so we revert it to stay in sync with upstream. We also remove the additional NULL bailout at the end of the function, which doesn't appear to be relevant any longer since bug 77198 has been fixed. [1] <https://github.com/libgd/libgd/issues/298>
show more ...
|
#
a757ebb5 |
| 29-Nov-2018 |
Christoph M. Becker |
Require SQLite ≥ 3.7.4 for ext/sqlite3 `SQLite3::readOnly()` uses `sqlite3_stmt_readonly()` which is only available as of libsqlite 3.7.4. For older SQLite3 versions we return alway
Require SQLite ≥ 3.7.4 for ext/sqlite3 `SQLite3::readOnly()` uses `sqlite3_stmt_readonly()` which is only available as of libsqlite 3.7.4. For older SQLite3 versions we return always `false`, which can be confusing. Instead of sticking with this behavior, or even undefining the method for old SQLite3 versions, we lift the requirements to SQLite 3.7.4 (released on 2010-12-08), according to a respective discussion[1]. Since pdo_sqlite doesn't use `sqlite3_stmt_readonly()`, we stick with the minimum requirement of SQLite 3.5.0. [1] <https://github.com/php/php-src/pull/3614>
show more ...
|
#
035de21d |
| 29-Nov-2018 |
Christoph M. Becker |
Deny (un)serialization of SQLite3, SQLite3Stmt and SQLite3Result Serializing `SQLite3`, `SQLite3Stmt` and `SQLite3Result` instances is possible but pointless, since unserializing results
Deny (un)serialization of SQLite3, SQLite3Stmt and SQLite3Result Serializing `SQLite3`, `SQLite3Stmt` and `SQLite3Result` instances is possible but pointless, since unserializing results in uninitialized instances, which will bail out of any method call. Therefore, we deny serialization and unserialization in the first place.
show more ...
|
#
28edeb2b |
| 26-Nov-2018 |
Nikita Popov |
User serialize_deny for PDOStatement as well |
#
6e4b2026 |
| 26-Nov-2018 |
Nikita Popov |
Switch PDO to use serialize_deny And remove dummy __sleep/__wakeup. This switches the thrown exception type from PDOException to Exception. |