Deprecate use of mbstring to convert text to Base64/QPrint/HTML entities/etc

The purpose of mbstring is for working with Unicode and legacy text
encodings; but Base64, QPrint, etc. are n

Deprecate use of mbstring to convert text to Base64/QPrint/HTML entities/etc

The purpose of mbstring is for working with Unicode and legacy text
encodings; but Base64, QPrint, etc. are not text encodings and don't
really belong in mbstring. PHP already contains separate implementations
of Base64, QPrint, and HTML entities. It will be better to eventually
remove these non-encodings from mbstring.

Regarding HTML entities... there is a bit more to say. mbstring's
implementation of HTML entities is different from the other built-in
implementation (htmlspecialchars and htmlentities). Those functions
convert <, >, and & to HTML entities, but mbstring does not.

It appears that the original author of mbstring intended for something
to be done with <, >, and &. He used a table to identify which
characters should be converted to HTML entities, and </>/& all have a
special value in that table. However, nothing ever checks for that
special value, so the characters are passed through unconverted.

This seems like a very useless implementation of HTML entities. The most
important characters which need to be expressed as entities in HTML
documents are those three!

show more ...

Fix a method name `ZipArchive::clearError` typo

Closes GH-7616.

Refactor DBA

Use proper ZPP union types
Use standard function signature semantics for dba_fetch()
Re-ordering of checks

Deprecate partially supported callables

This deprecates all callables that are accepted by
call_user_func($callable) but not by $callable(). In particular:

"self::method"

Deprecate partially supported callables

This deprecates all callables that are accepted by
call_user_func($callable) but not by $callable(). In particular:

"self::method"
"parent::method"
"static::method"
["self", "method"]
["parent", "method"]
["static", "method"]
["Foo", "Bar::method"]
[new Foo, "Bar::method"]

RFC: https://wiki.php.net/rfc/deprecate_partially_supported_callables

Closes GH-7446.

show more ...

Add `CURLINFO_EFFECTIVE_METHOD`

Since Curl 7.72.0, it supports a new parameter
called `CURLINFO_EFFECTIVE_METHOD`, which returns the effect method
in HTTP(s) requests. This is simila

Add `CURLINFO_EFFECTIVE_METHOD`

Since Curl 7.72.0, it supports a new parameter
called `CURLINFO_EFFECTIVE_METHOD`, which returns the effect method
in HTTP(s) requests. This is similar to `CURLINFO_EFFECTIVE_URL`.

- https://curl.se/libcurl/c/CURLINFO_EFFECTIVE_METHOD.html

This adds support for CURLINFO_EFFECTIVE_URL if ext/curl is built
with libcurl >= 7.72.0 (0x074800).

Closes GH-7595.

show more ...

add note in UPGRADING

Add ZipArchive::clearError, getStreamIndex and getStreamName methods

public function clearError(): void {}
public function getStreamIndex(int $index, int $flags = 0) {}
p

Add ZipArchive::clearError, getStreamIndex and getStreamName methods

public function clearError(): void {}
public function getStreamIndex(int $index, int $flags = 0) {}
public function getStreamName(string $name, int $flags = 0) {}

ZipArchive::getStream is kept for BC

See https://github.com/pierrejoye/php_zip/issues/20

show more ...

Revert "Fix DATE_FORMAT_COOKIE definition"

This reverts commit ac34648cf6bf5493a8cd1a4c9a82406599f3f25c.

As pointed out on GH-6783, the new format doesn't match any of
the speci

Revert "Fix DATE_FORMAT_COOKIE definition"

This reverts commit ac34648cf6bf5493a8cd1a4c9a82406599f3f25c.

As pointed out on GH-6783, the new format doesn't match any of
the specified formats. Previously the constant generated

Thursday, 14-Jul-2005 22:30:41 BST

which is obsolete. Now it generates

Thu, 14-Jul-2005 22:30:41 BST

which is not specified at all. The correct version would be:

Thu, 14 Jul 2005 22:30:41 BST

Reverting the change for now.

show more ...

Fix DATE_FORMAT_COOKIE definition

In all of http://curl.haxx.se/rfc/cookie_spec.html,
https://docs.microsoft.com/de-de/windows/win32/wininet/http-cookies
and https://tools.ietf.org/h

Fix DATE_FORMAT_COOKIE definition

In all of http://curl.haxx.se/rfc/cookie_spec.html,
https://docs.microsoft.com/de-de/windows/win32/wininet/http-cookies
and https://tools.ietf.org/html/rfc7234#section-5.3 the cookie
datetime is specified as Mon, DD-Mon-YYYY HH:MM:SS GMT. However,
the current definition returns Monday, DD-Mon-YYY HH:MM:SS GMT.
Therefore, the "l" in "l, d-M-Y H:i:s T" must be changed to "D".

Closes GH-6783.

show more ...

Update Unicode tables to 14.0.0

Closes GH-7502.

typo

Fixed typo

Prepare for PHP 8.2

Add UPGRADING for ini parser changes

Missed the "git add" once again...

[ci skip]

Switch default PKCS7/CMS cipher to AES-128-CBC

Switch default cipher for openssl_pkcs7_encrypt() and
openssl_cms_encrypt() from RC2-40 to AES-128-CBC.

The RC2-40 cipher is consi

Switch default PKCS7/CMS cipher to AES-128-CBC

Switch default cipher for openssl_pkcs7_encrypt() and
openssl_cms_encrypt() from RC2-40 to AES-128-CBC.

The RC2-40 cipher is considered insecure and is not loaded by
default in OpenSSL 3, which means that these functions will
always fail with default arguments.

As the used algorithm is embedded in the result (which makes this
different from the openssl_encrypt() case) changing the default
algorithm should be safe.

Closes GH-7357.

show more ...

Lossless conversion for webp

Propagating lossless conversion from libgd to our bundled gd.
Changing "quantization" to "quality" as in libgd.
Adding test.

IMG_WEBP_LOSSLESS i

Lossless conversion for webp

Propagating lossless conversion from libgd to our bundled gd.
Changing "quantization" to "quality" as in libgd.
Adding test.

IMG_WEBP_LOSSLESS is only defined, if lossless WebP encoding is
supported by the libgd used.

Closes GH-7348.

show more ...

NEWS

NEWS

Do not special case export of EC keys

All other private keys are exported in PKCS#8 format, while EC
keys use traditional format. Switch them to use PKCS#8 format as
well.

A

Do not special case export of EC keys

All other private keys are exported in PKCS#8 format, while EC
keys use traditional format. Switch them to use PKCS#8 format as
well.

As the OpenSSL docs say:

> PEM_write_bio_PrivateKey_traditional() writes out a private key
> in the "traditional" format with a simple private key marker and
> should only be used for compatibility with legacy programs.

show more ...

[ci skip] UPGRADING: oci8.old_oci_close_semantics has been deprecated

Implement readonly properties

Add support for readonly properties, for which only a single
initializing assignment from the declaring scope is allowed.

RFC: https://wiki.php.net

Implement readonly properties

Add support for readonly properties, for which only a single
initializing assignment from the declaring scope is allowed.

RFC: https://wiki.php.net/rfc/readonly_properties_v2

Closes GH-7089.

show more ...

Deprecate autovivification on false

Deprecate automatically converting "false" into an empty array
on write operands. Autovivification continues to be supported
for "null" values, as

Deprecate autovivification on false

Deprecate automatically converting "false" into an empty array
on write operands. Autovivification continues to be supported
for "null" values, as well as undefined/uninitialized values.

RFC: https://wiki.php.net/rfc/autovivification_false

Closes GH-7131.

Co-authored-by: Tyson Andre <tysonandre775@hotmail.com>
Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>

show more ...

[skip-ci] Fixup UPGRADING documents

Some entries were in the wrong section/wrong document.

Don't return bool from Phar::offsetUnset()

This violates the ArrayAccess interface. Use offsetExists() to
check if an entry exists.

Add UPGRADING entry for socket options

[ci skip]