History log of /php-src/UPGRADING (Results 976 – 1000 of 1776)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
# dfa6c204 28-Jan-2019 Christoph M. Becker

Remove deprecated image2wbmp()

Cf. <https://wiki.php.net/rfc/image2wbmp>.

# e1181511 28-Jan-2019 Nikita Popov

Clear NEWS, UPGRADING and UPGRADING.INTERNALS

# b1e9c73b 29-Dec-2018 Andreas Treichel

Allow strip_tags with an array of allowed tagnames

# 89a4c172 22-Jan-2019 Nikita Popov

Remove the "o" serialization format

We never generate the "o" format during serialization, so let's not
keep this unnecessary attack surface around.

# a50198d0 15-Jan-2019 Nikita Popov

Implement ??= operator

RFC: https://wiki.php.net/rfc/null_coalesce_equal_operator

$a ??= $b is $a ?? ($a = $b), with the difference that $a is only
evaluated once, to the degree

Implement ??= operator

RFC: https://wiki.php.net/rfc/null_coalesce_equal_operator

$a ??= $b is $a ?? ($a = $b), with the difference that $a is only
evaluated once, to the degree that this is possible. In particular
in $a[foo()] ?? $b function foo() is only ever called once.
However, the variable access themselves will be reevaluated.

show more ...

# 36c82557 21-Jan-2019 Christoph M. Becker

[ci skip] Note preloading and ext/ffi in UPGRADING

# 570d4311 21-Jan-2019 Christoph M. Becker

Use pkg-config to detect and configure for system libgd

Formerly, a single option `--with-gd` was sufficient to enable the
extension, and to determine whether to use the system or the bu

Use pkg-config to detect and configure for system libgd

Formerly, a single option `--with-gd` was sufficient to enable the
extension, and to determine whether to use the system or the bundled
libgd depending on whether a directory was passed. Since pkg-config
determines the path automatically, we now offer `--enable-gd` (whether
the extension should be build) and `--with-external-gd` (whether to use
the system libgd).

show more ...

# 58a2ced0 19-Jan-2019 Tyson Andre

[ci skip] Fix typos in UPGRADING

# 48ca2c08 15-Jan-2019 Nikita Popov

Document pkg-config related changes

Creating a separate section in UPGRADING for this, as there are a
lot of these, and there's going to be more of them.

# e219ec14 07-Jan-2019 Nikita Popov

Implement typed properties

RFC: https://wiki.php.net/rfc/typed_properties_v2

This is a squash of PR #3734, which is a squash of PR #3313.

Co-authored-by: Bob Weinand <bobwe

Implement typed properties

RFC: https://wiki.php.net/rfc/typed_properties_v2

This is a squash of PR #3734, which is a squash of PR #3313.

Co-authored-by: Bob Weinand <bobwei9@hotmail.com>
Co-authored-by: Joe Watkins <krakjoe@php.net>
Co-authored-by: Dmitry Stogov <dmitry@zend.com>

show more ...

# 74c0e580 19-Nov-2018 Sammy Kaye Powers

Improve openssl_random_pseudo_bytes()

CSPRNG implementations should always fail closed. Now
openssl_random_pseudo_bytes() will fail closed by throwing an
`\Exception` in fail conditi

Improve openssl_random_pseudo_bytes()

CSPRNG implementations should always fail closed. Now
openssl_random_pseudo_bytes() will fail closed by throwing an
`\Exception` in fail conditions.

RFC: https://wiki.php.net/rfc/improve-openssl-random-pseudo-bytes

show more ...

# 3c9af309 29-Dec-2018 Andreas Treichel

Preserve aspect ratio for width or height

# a9e66678 04-Jan-2019 Nikita Popov

Detect invalid uses of parent:: during compilation

We already detect the case where we're entirely outside a class --
now also check whether there actually is a parent.

This is

Detect invalid uses of parent:: during compilation

We already detect the case where we're entirely outside a class --
now also check whether there actually is a parent.

This is a minor BC break, in that code that was never executed
might have previously contained an invalid parent:: reference without
generating an error.

show more ...

# f1c0e671 26-Dec-2018 Nikita Popov

Add performance improvement section to UPGRADING

[ci skip]

# 285a077c 07-Nov-2018 Eli Schwartz

ext/gd: use --with instead of --enable

By convention it probably makes sense to stick with this even when
dropping the *-dir=DIR part.

See:
https://github.com/php/php-src/pu

ext/gd: use --with instead of --enable

By convention it probably makes sense to stick with this even when
dropping the *-dir=DIR part.

See:
https://github.com/php/php-src/pull/3632#discussion_r229474568
https://autotools.io/autoconf/arguments.html

show more ...

# 82af24f2 18-Oct-2018 BohwaZ

Implement SQLite3Stmt::getSQL method, returning the original statement SQL, eventually expanded

# 3b0f0511 02-Dec-2018 Christoph M. Becker

Allow empty $escape to eschew escaping CSV

Albeit CSV is still a widespread data exchange format, it has never been
officially standardized. There exists, however, the “informational” R

Allow empty $escape to eschew escaping CSV

Albeit CSV is still a widespread data exchange format, it has never been
officially standardized. There exists, however, the “informational” RFC
4180[1] which has no notion of escape characters, but rather defines
`escaped` as strings enclosed in double-quotes where contained
double-quotes have to be doubled. While this concept is supported by
PHP's implementation (`$enclosure`), the `$escape` sometimes interferes,
so that `fgetcsv()` is unable to correctly parse externally generated
CSV, and `fputcsv()` is sometimes generating non-compliant CSV. Since
PHP's `$escape` concept is availble for many years, we cannot drop it
for BC reasons (even though many consider it as bug). Instead we allow
to pass an empty string as `$escape` parameter to the respective
functions, which results in ignoring/omitting any escaping, and as such
is more inline with RFC 4180. It is noteworthy that this is almost no
userland BC break, since formerly most functions did not accept an empty
string, and failed in this case. The only exception was `str_getcsv()`
which did accept an empty string, and used a backslash as escape
character then (which appears to be unintended behavior, anyway).

The changed functions are `fputcsv()`, `fgetcsv()` and `str_getcsv()`,
and also the `::setCsvControl()`, `::getCsvControl()`, `::fputcsv()`,
and `::fgetcsv()` methods of `SplFileObject`.

The implementation also changes the type of the escape parameter of the
PHP_APIs `php_fgetcsv()` and `php_fputcsv()` from `char` to `int`, where
`PHP_CSV_NO_ESCAPE` means to ignore/omit escaping. The parameter
accepts the same values as `isalpha()` and friends, i.e. “the value of
which shall be representable as an `unsigned char` or shall equal the
value of the macro `EOF`. If the argument has any other value, the
behavior is undefined.” This is a subtle BC break, since the character
`chr(128)` has the value `-1` if `char` is signed, and so likely would
be confused with `EOF` when converted to `int`. We consider this BC
break to be acceptable, since it's rather unlikely that anybody uses
`chr(128)` as escape character, and it easily can be fixed by casting
all `escape` arguments to `unsigned char`.

This patch implements the feature requests 38301[2] and 51496[3].

[1] <https://tools.ietf.org/html/rfc4180>
[2] <https://bugs.php.net/bug.php?id=38301>
[3] <https://bugs.php.net/bug.php?id=51496>

show more ...

# 8c781c1c 12-Dec-2018 Christoph M. Becker

Resolve imagecropauto() default $mode quirk

The `$mode` parameter of `imagecropauto()` defaults to `-1`. However,
`-1` is changed to `GD_CROP_DEFAULT` right away, so basically the
d

Resolve imagecropauto() default $mode quirk

The `$mode` parameter of `imagecropauto()` defaults to `-1`. However,
`-1` is changed to `GD_CROP_DEFAULT` right away, so basically the
default is `GD_CROP_DEFAULT`, which is rather confusing and
unnecessary.

Therefore, we change the default to `IMG_CROP_DEFAULT`, but still allow
an explicit `-1` to be passed for BC reasons, in which case we trigger
a deprecation notice, so we can rid the `-1` support eventually.

show more ...

# f0f4ab4b 01-Dec-2018 Christoph M. Becker

[ci skip] Fix names of the constants

`GD_CROP_DEFAULT` and `GD_CROP_SIDES` are names of libgd constants, and
as such they are not relevant for userland developers. Therefore, we
rep

[ci skip] Fix names of the constants

`GD_CROP_DEFAULT` and `GD_CROP_SIDES` are names of libgd constants, and
as such they are not relevant for userland developers. Therefore, we
replace them by the constant names of our wrapper, i.e.
`IMG_CROP_DEFAULT` and `IMG_CROP_SIDES`, respectively.

show more ...

# dcad13e8 25-Nov-2018 Christoph M. Becker

Fix #73291: imagecropauto() $threshold differs from external libgd

Since upstream does not appear to move in any way[1], we sync our
behavior. Even though the BC break is ugly (which is

Fix #73291: imagecropauto() $threshold differs from external libgd

Since upstream does not appear to move in any way[1], we sync our
behavior. Even though the BC break is ugly (which is the reason we
target master only), having to deal with different algorithms is even
worse for portable userland code.

[1] <https://github.com/libgd/libgd/issues/334>

show more ...

# 947ca9f4 25-Nov-2018 Christoph M. Becker

Sync behavior of gdImageAutoCrop() with upstream

Since cropping support has been added to our bundled libgd,
`gdImageAutoCrop` differs from upstream in that `GD_CROP_DEFAULT` falls
b

Sync behavior of gdImageAutoCrop() with upstream

Since cropping support has been added to our bundled libgd,
`gdImageAutoCrop` differs from upstream in that `GD_CROP_DEFAULT` falls
back on `GD_CROP_SIDES` if there is no transparent color in the image.
While this difference seem to be a useful improvement in our bundled
libgd, upstream has not yet signaled that there willing to back-port
it[1], so we revert it to stay in sync with upstream.

We also remove the additional NULL bailout at the end of the function,
which doesn't appear to be relevant any longer since bug 77198 has been
fixed.

[1] <https://github.com/libgd/libgd/issues/298>

show more ...

# a757ebb5 29-Nov-2018 Christoph M. Becker

Require SQLite ≥ 3.7.4 for ext/sqlite3

`SQLite3::readOnly()` uses `sqlite3_stmt_readonly()` which is only
available as of libsqlite 3.7.4. For older SQLite3 versions we return
alway

Require SQLite ≥ 3.7.4 for ext/sqlite3

`SQLite3::readOnly()` uses `sqlite3_stmt_readonly()` which is only
available as of libsqlite 3.7.4. For older SQLite3 versions we return
always `false`, which can be confusing. Instead of sticking with this
behavior, or even undefining the method for old SQLite3 versions, we
lift the requirements to SQLite 3.7.4 (released on 2010-12-08),
according to a respective discussion[1].

Since pdo_sqlite doesn't use `sqlite3_stmt_readonly()`, we stick with
the minimum requirement of SQLite 3.5.0.

[1] <https://github.com/php/php-src/pull/3614>

show more ...

# 035de21d 29-Nov-2018 Christoph M. Becker

Deny (un)serialization of SQLite3, SQLite3Stmt and SQLite3Result

Serializing `SQLite3`, `SQLite3Stmt` and `SQLite3Result` instances is
possible but pointless, since unserializing results

Deny (un)serialization of SQLite3, SQLite3Stmt and SQLite3Result

Serializing `SQLite3`, `SQLite3Stmt` and `SQLite3Result` instances is
possible but pointless, since unserializing results in uninitialized
instances, which will bail out of any method call. Therefore, we deny
serialization and unserialization in the first place.

show more ...

# 28edeb2b 26-Nov-2018 Nikita Popov

User serialize_deny for PDOStatement as well

# 6e4b2026 26-Nov-2018 Nikita Popov

Switch PDO to use serialize_deny

And remove dummy __sleep/__wakeup. This switches the thrown
exception type from PDOException to Exception.

1...<<31323334353637383940>>...72