The PHP Foundation
The PHP Foundation
Welcome to the seventh in the PHP Core Roundup series, where we summarize the latest improvements, bug fixes, proposals, and other developments in PHP.
We are merely three weeks away from PHP 8.2 GA release, and we already have changes implemented and being discussed for the next PHP version, PHP 8.3! Exciting times!
PHP 8.3 is more than a year away, but the first change for PHP 8.3 is already merged into the master branch.
Juan Carlos Moralesโs RFC to add a new json_validate() function to PHP was voted and is already implemented. The new json_validate() function returns whether a given JSON string is valid or not, without consuming the memory and processing it takes to decode a JSON string. For quick JSON string validations, json_validate() can come in handy.
Additionally, Tim Dรผsterhusโs RFC to improve error handling semantics of the unserialize() function recently finished the vote.
There are quite a few more RFCs under discussion that target PHP 8.3, so itโs safe to say that the PHP 8.3 development is quite active even before we have the first GA PHP 8.2 release!
The first GA PHP version, PHP 8.2.0 is scheduled to be released on 24th of November. PHP 8.2 RC5 is already released, and RC6 (the last one) is scheduled for 10th of November.
PHP 8.2 RC versions are available in Ondrej Suryโs Debian/Ubuntu repos, Remiโs repos for Fedora/RHEL, Docker images on Docker Hub, and compiled Windows binaries on windows.php.net.
PHP 7โs journey comes to an end when PHP 8.2 is released. PHP 7.0 through 7.3 are no longer maintained and no longer receive security updates, but PHP 7.4 is currently receiving security updates from the PHP core developers.
Changes and improvements to PHP are discussed, reported, and voted on by the PHP Foundation Team, the PHP development team, and contributors. Bug reports are made to the PHP issue tracker, changes are discussed in mailing lists, minor code changes are proposed as pull requests, and major changes are discussed in detail and voted on as PHP RFCs. Documentation and the php.net web site changes are also discussed and improved at their relevant Git repositories on GitHub.
Hundreds of awesome PHP contributors put their efforts into improvements to the PHP code base, documentation, and the php.net website. Here is a summary of some changes made by the people behind PHP. Things marked with ๐ are done by the PHP Foundation team.
A security release for all current PHP versions (7.4, 8.0, and 8.1) were made fixing an out-of-bounds read vulnerability in the GD extension (CVE-2022-31630), and a buffer overflow vulnerability in PHPโs SHA3 implementation (CVE-2022-37454). The SHA3 vulnerability was in the reference upstream SHA3 implementation written in C. Python and a few libraries were affected along with PHP.
Following are the RFCs and major pull-requests discussed, voted, and implemented since our last update.
RFC Implemented: json_validate
RFC by Juan Carlos Morales, to add a new json_validate() function that returns whether the given string of JSON is a valid JSON. This RFCโs vote passed, and is now implemented in PHP 8.3.
There is a polyfill proposed to Symfony polyfills, and more information on PHP.Watch: json_validate().
RFC Pending Implementation: Improve unserialize() error handling
RFC by Tim Dรผsterhus completed its vote, and is pending implementation. It proposed to improve error handling of the unserialize function by increasing the error level from E_NOTICE to E_WARNING, adding a new 'UnserializationFailedException' exception, and throwing exceptions on error conditions.
The vote was not in favor of adding the new 'UnserializationFailedException' exception type, but the vote to promote notices to warnings was in favor, and is currently pending implementation.
More information on PHP.Watch: unserialize(): Upgrade E_NOTICE errors to E_WARNING.
RFC Under Discussion: Destructuring Coalesce
Bob Weinand created a new RFC and a discussion on allowing [$a ?? $b] = $array;, where $a is assigned $b if the key in the array is null or missing:
[$a ?? $b] = $array;
[$a ?? "default value"] = $array;
Currently, the snippets above result in Parse Error. The RFC proposes adding support for coalesce in array destructing (list() function calls, or [$a, $b, โฆ] = $array syntax).
When destructing an array, the $a will be assigned $b/"default value" if $array[0] is not set.
RFC Under Discussion: Randomizer Additions
RFC by Joshua Rรผsweg and Tim Dรผsterhus, proposes to add new โbuilding blockโ methods to \Random\Randomizer that implement commonly useful operations that are either verbose or very hard to implement in userland. It proposes to add getBytesFromString, nextFloat, and getFloat methods to the new \Random\Randomizer classes added as part of the Random Extension RFC.
RFC Under Discussion: Dynamic class constant fetch
In this RFC, Ilija Tovilo ๐ proposes to allow fetching class constants and magic constants dynamically.
class Foo {
const BAR = 'bar';
}
$bar = 'BAR';
// This is currently a syntax error
echo Foo::{$bar};
Currently, accessing class constants dynamically has to be done with a constant() function call:
echo constant(Foo::class . '::' . $bar);
This RFC proposes to allow the syntax shown in the snippet above, which is apparently only an arbitrary limitation and not a technical limitation.
iterable\ namespaceFollowing are some changes that did not go through an RFC process because they are either planned, bug fixes, or progressive enhancements. There are automated unit and integration tests for each of these changes, the PHP core developers review all pull requests.
} in GH-9624 by Ilija Tovilo ๐EG(jit_trace_num) value around __autoload() in f7d0a3e0e0 by Dmitry Stogovreallocarray with safe_perealloc in 138fd5b3c8 by Ilija Tovilo ๐X-Powered-By header in FPM tester if expose_php off in GH-9508 by Jakub Zelenka ๐php_init_crypt_r/php_shutdown_crypt_r signatures warning in 257f108924 by David Carlieriterable alias array|Traversable breaks PHP 8.1 code in GH-9558 by Gina Peter Banyard ๐ext/sockets/tests/socket_cmsg_{rights|credentials}.phpt in c58241a003 by Andy PostnikovFD_SETSIZE is exceeded in GH-9602 by Arnaud Le Blanc ๐--EXTENSIONS-- section for newly added tests in 47c79a97f5 by Christoph M. Beckergh9590.phpt requires ext/posix in 48ae3a0e3f by Christoph M. BeckerFE_FETCH instruction in 5ca4113386 by Dmitry StogovU+005C and U+007E to SJIS-2004 in dd00e2f1e3 by Alex Dowadlibmysql-client from mysqli test suite in GH-9652 by Christoph M. Beckerr in rand_rangeXX in GH-9678 by Tim Dรผsterhusarray_walk($ffiInstance, function () {}) crashes due to expecting mutable array in d9651a9419 by Dmitry StogovCONST_CS flag for PHP 7.x in 69ef3247fd by Mรกtรฉ Kocsis ๐dl() segfaults when module is already loaded in GH-9689 by Christoph M. Beckermb_encode_mimeheader reported as GH-9683 in faa5425b0f by Alex Dowadrun_time_cache in 9be00e3935 by Bob Weinandextra_named_params when restoring frozen call stack in 86e1fea39a by Arnaud Le Blanc ๐actions/checkout@v3 in GH-9759 by Tim Dรผsterhusactions/checkout@v3 (PHP-8.1) in 8cd1b837c1 by Tim DรผsterhusHY010 when binding overlong parameter in GH-9541 by Christoph M. BeckerDatePeriod's getRecurrences and ->recurrences don't match) in 011b7f9840 by Derick Rethans ๐run_time_cache for preloaded arena allocated internal functions in 5e9654be03 by Bob Weinandphp_mt_rand_range() with MT_RAND_PHP in GH-9839 by Tim DรผsterhusSKIPIF section in d2c663441d by Ilija Tovilo ๐At PHP Foundation, we support, promote, and advance the PHP language. We financially support six part-time PHP core developers to contribute to the PHP project. You can help support PHP Foundation at OpenCollective.
A big thanks to all our sponsors โ PHP Foundation is all of us!
Follow us on Twitter @ThePHPF to get the latest updates from the Foundation.
๐๏ธ ๐
PHP Roundup is prepared by Ayesh Karunaratne from PHP.Watch, a source for PHP News, Articles, Upcoming Changes, and more.