PHP Core Roundup #11
Welcome to the eleventh post in the PHP Core Roundup series. Just like the previous months, March was an eventful month with new RFCs, discussions, and plenty of other developments in PHP.
The PHP Foundation currently supports six part-time PHP contributors who work on maintenance and new features for PHP. Maintenance is not limited to fixing bugs, but also includes work to reduce technical debt, making life easier for everyone working on PHP. The contributors funded by the PHP Foundation collaborate with other contributors on code, documentation, and discussions.
We publish the posts on our website, and you can subscribe to a newsletter; You donβt necessarily have to be a PHP Foundation backer to follow PHP Core Roundup.
Subscribe to PHP Core Roundup newsletter
Call for PHP 8.3 Release Managers In Voting
In February, Sergey Panteleev β one of the PHP 8.2 release managers β called for volunteers to put their names forward to be the release managers for the upcoming PHP 8.3. Four volunteers stepped in for the three available positions, and a vote is currently under way.
Pierrick Charron, one of the PHP 8.2 release managers, volunteered to be the veteran release manager. Pierrick will be working with two newcomers to this position throughout the lifecycle of PHP 8.3.
For the rookie candidates, Eric Mann, Calvin Buckley, and Jakub Zelenka π expressed their interest, and the vote will elect two release managers from this list of three.
Voting will be open until Apr 16, 2023.
PHP 8.2.4 and 8.1.17 Bug Fix Releases
PHP 8.2.4 and 8.1.17 are now released, both of which contain over 45 bug fixes (and no security fixes).
PHP 8.0 only receives security updates, so there is no corresponding release for PHP 8.0.
Recent RFCs and Mailing List Discussions
Changes and improvements to PHP are discussed, reported, and voted on by the PHP Foundation Team, the PHP development team, and contributors. Bug reports are made to the PHP issue tracker, changes are discussed in mailing lists, minor code changes are proposed as pull requests, and major changes are discussed in detail and voted on as PHP RFCs. Documentation and the php.net website changes are also discussed and improved at their relevant Git repositories on GitHub.
Hundreds of awesome PHP contributors put their efforts into improvements to the PHP code base, documentation, and the php.net website. Here is a summary of some changes made by the people behind PHP. Things marked with π are done by the PHP Foundation team.
RFC Updates
Following are the RFCs and major pull-requests discussed, voted on, and implemented since our last update.
RFC Implemented: Saner array_(sum|product)() by George Peter Banyard π
Proposed to change the current behavior of
array_sum
andarray_product
to properly handle non-numeric values. This results in additional warnings when these functions encounter unsupported types such as certain objects, arrays, and resources. Further, it can result in different return values on objects that support arithmetic operations.This RFC was accepted, and the changes are now implemented in PHP 8.3.
RFC Implemented: Typed class constants by Benas Seliuginas and MΓ‘tΓ© Kocsis π
Despite the huge efforts put into improving the type system of PHP year after year, it was still not possible to declare constant types. This is less of a concern for global constants, but can indeed be a source of bugs and confusion for class constants: This RFC proposed to add support for declaring class, interface, trait, as well as enum constant types:
enum E { const string TEST = "Test1"; } trait T { const string TEST = E::TEST; } interface I { const string TEST = E::TEST; } class C { const string TEST = E::TEST; }
This RFC was accepted, and the changes are now implemented in PHP 8.3.
RFC In Voting : Arbitrary static variable initializers by Ilija Tovilo π
PHP does not allow using arbitrary expressions in static variable initializers because the values are initialized at the compile time. This also lead to some unexpected behaviors when the same variable is initialized in more than once within the same scope.
This RFC proposes to remove the current limitation of not allowing expressions in static variable initializers. It also forbids redeclaring static variables altogether.
function foo() { static $i = getValue(); }
The code snippet will be allowed and functional in PHP 8.3 if the RFC is accepted. The RFC is currently under vote, and the current tally us an unanimous Yes.
RFC Under Discussion: Make unserialize() emit a warning for trailing bytes by Tim DΓΌsterhus
This RFC proposes that
unserialize()
shall emit a newE_WARNING
whenever the input string contains additional bytes once the unserialization parser terminates after successfully parsing a value. In other words: A warning shall be emitted if bytes can be removed from the end of the input string without changing the return value ofunserialize()
.RFC Under Discussion: Define proper semantics for range() function by George Peter Banyard π
This RFC attempts to iron out several undesirable and unexpected behaviors of the
range()
function. Introduced in PHP 4,range()
function attempts to work with various types not only including integers, floats, and strings, but also other types. There are series of behaviors highlighted in the RFC along with several improvements proposed (throwing exceptions, emitting warnings, changing behaviors, etc).
Notable Mailing List Discussions
- Property Hooks Discussion
- First-class callable partial application
- Can we get compile time routines?
- RFC: code optimizations
Merged PRs and Commits
Following are some changes that did not go through an RFC process because they are either planned, bug fixes, or progressive enhancements. There are automated unit and integration tests for each of these changes, the PHP core developers review all pull requests.
Full list of commits since PHP Core Roundup #10
Click here to expand
- Fix unescaped {TMP} variables in tests in 2b5aac9303 by Ilija Tovilo π
- Use zend_result in
ext/spl
where appropriate (#10734) in 2b15061fbb by Niels Dossche - Add Windows GitHub actions build in GH-10664 by Michael VoΕΓΕ‘ek
- Fix missing readonly modification error with inc/dec in JIT in GH-10746 by Ilija Tovilo π
- Make error checks on encoding methods for docomo, kddi, sb consistent in 69543e6a10 by nielsdos
- Use
CK()
macro to check the output function in mbfilter_unicode2sjis_emoji_sb() in 263655a520 by nielsdos - Propagate error checks for
mbfl_filt_conv_illegal_output()
in d66ca5dabb by nielsdos - Fix warning in run-tests when PHP compiled without generating phpdbg support. (#10745) in 3e6d49e042 by Danack
- fix: support for timeouts with ZTS on Linux (#10141) in ad85e71421 by KΓ©vin Dunglas
- Fix operator precedence in the skip section of readonly tests in dab783f7ae by MΓ‘tΓ© Kocsis π
- Fix GH-10728: opcache capstone header's inclusion in GH-10732 by David Carlier
- Propagate success status of ftp_close() to userland in abc6fe8f2e by nielsdos
- Add missing
ZEND_ARG_VARIADIC_OBJ_TYPE_MASK
macro, and use consistent class_name variable name in 7fcea9d260 by Derick Rethans π - Do not allow side-effects when readonly property modification fails (#10757) in e053ba0a3a by MΓ‘tΓ© Kocsis π
ext/ftp
fix ftp_nb_get signature (for failure) in GH-10760 by David Carlier- Revert "Zend/zend_type_code: remove hard-coded integer values and" in 3310463484 by David CARLIER
- random: Convert
php_random_(bytes|int)_(silent|throw)
into inline functions (#10763) in 8abea1b3c2 by Tim DΓΌsterhus - Fix failure of AVX2-accelerated
mb_check_encoding
on 32-bit MS Windows in 86ec0bc55c by Alex Dowad - Fix GH-10766: PharData archive created with Phar::Zip format does not keep files metadata (datetime) in GH-10769 by Niels Dossche
- Fix
strlen
error message param name in 1be99faeff by Kamil Tekiela - Update windows action to
checkout@v3
in 28ef654648 by Ilija Tovilo π - Fix metaphone encode compiler warning in GH-10788 by Ilija Tovilo π
- Ignore
-Warray-bounds
compiler warning in JIT (#10789) in ad7b90b674 by Ilija Tovilo π - Fix
-Wmaybe-uninitialized
warning in JIT in 95fbd2039f by Ilija Tovilo π - Fix gcc warnings in
zend_API.c
with--disable-debug
(#10786) in 6a7115359e by Ilija Tovilo π - Add missing error checks on
EVP_MD_CTX_create()
andEVP_VerifyInit()
in GH-10762 by Niels Dossche - Add missing error check on
i2d_PKCS12_bio()
in GH-10761 by nielsdos - Add missing error check on
PEM_write_bio_CMS()
in 51ea4a680d by nielsdos - Add missing error check on
PEM_write_bio_PKCS7()
in GH-10752 by Niels Dossche - Throw on negative setcookie expiration timestamp in 82dfd93b9d by Ilija Tovilo π
- Fix missing return
FAILURE
in 2110398dee by Ilija Tovilo π - Re-add missing
EXPECTHEADERS
sections in 87e3513274 by Ilija Tovilo π - Fix GH-10709: UAF in recursive AST evaluation in GH-10718 by Ilija Tovilo π
- Revert "Throw on negative setcookie expiration timestamp" in 9f591c9bf6 by Ilija Tovilo π
- random: Add missing
php.h
include tophp_random.h
(#10764) in 5087931963 by Tim DΓΌsterhus - Fix
-Wstrict-prototypes
in DBA in 648e896d0e by George Peter Banyard π - Remove unnecessary workaround for the true type in 368febbf89 by MΓ‘tΓ© Kocsis π
mb_encode_mimeheader
does not crash if provided encoding has no MIME name set in 7c1ee5a02a by Alex Dowad- Enable GitHub actions cancel-in-progress for PRs in GH-10799 by Ilija Tovilo π
- Fix readonly+clone JIT issues in GH-10748 by Ilija Tovilo π
*/*.m4
:update main()
signatures in fa65873502 by Michael Orlitzkyext/iconv/config.m4
: add missingstdio.h
include in GH-10751 by Michael Orlitzky- RFC: Saner
array_(sum|product)()
(#10161) in 3b06618813 by George Peter Banyard π - Imply UTF8 validity in implode function (#10780) in 3821938e81 by Michael VoΕΓΕ‘ek
- Fix GH-8646: Memory leak PHP FPM 8.1 in GH-10783 by Niels Dossche
- Fix GH-8065:
opcache.c
onsistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context in GH-10798 by Niels Dossche - Re-add some CTE functions that were removed from being CTE by a mistake in GH-10768 by Michael VoΕΓΕ‘ek
- Update libmysql 5.7 version in 12290b796b by Ilija Tovilo π
- Suppress
-Wstrict-prototypes
in GD extension (#10803) in afd8695a22 by George Peter Banyard π - Micro optimization: readonly properties always have a type in 574e531127 by MΓ‘tΓ© Kocsis π
- Fixed macro generation for variadics, which don't have a default value in 717335ec63 by Derick Rethans π
- Add test case in 8a9b80cfe0 by Derick Rethans π
- Fixed strict zpp arginfo test in f8891f2861 by Derick Rethans π
- Fixed strict zpp arginfo test in aead0c8059 by Derick Rethans π
- Test Windows with opcache on GitHub actions in 6b884737c4 by Ilija Tovilo π
ext/intl
: dateformatter settimezone changes on success, returning true like setcalendar in GH-10790 by David Carlier- Disable asan instrumentation for phpdbg_watchpoint_userfaultfd_thread in GH-10818 by Ilija Tovilo π
- Switch to Ubuntu 22.04 for GitHub actions jobs in GH-10814 by Ilija Tovilo π
- Fix
GC_BENCH
flag (#10823) in 6f1e5ff8c3 by Ilija Tovilo π - Fix GH-10519: Array Data Address Reference Issue in GH-10749 by NathanFreeman
- Fix GH-10747: Private and protected properties in serialized Date* objects throw in a225581833 by Derick Rethans π
- feat: enable Zend Max Execution Timers by default in 8.3 (#10778) in f0495855a3 by KΓ©vin Dunglas
- Re-enable
-Wstrict-aliasing
in GH-10821 by Ilija Tovilo π - Remove unnecessary type punnign from
mysqli_api.c
in 47f80ffc77 by Ilija Tovilo π - Fix GH-10801: Named arguments in CTE functions cause a segfault in GH-10811 by Niels Dossche
- Fix GH-10611: fpm_env_init_main leaks environ in GH-10618 by Niels Dossche
- Fix RC1 assumption for typed properties with
__get
in GH-10833 by Ilija Tovilo π - Fixed oss-fuzz #56931 in ce5f75fb6f by Derick Rethans π
- Fixed test for GH-10147 in 2d3aa8a5c4 by Derick Rethans π
- Fixed new OSS-FUZZ test in 897b13a217 by Derick Rethans π
- Handle
zend_execute_internal
in JIT in c53e8d3e30 by Bob Weinand - Add test, fix x86 JIT in 1015f1ff61 by Bob Weinand
- Fix module shutdown crash during ZTS JIT shutdown in GH-10835 by Niels Dossche
ext/mysqli/pgsql
:mysqli_fetch_object
/pgsql_fetch_object
raisesValueError
on constructor args error in GH-10832 by David Carlier- avoid test file being consider binary in f575027b56 by Remi Collet
use_tls=0
onMSAN
in GH-10851 by Ilija Tovilo π- Fix test on non-UTC platforms in a141543594 by Matteo Beccati
- Fix mysql tests on Cirrus ASAN in GH-10802 by Ilija Tovilo π
- Move ARM64 build to Cirrus in GH-10795 by Ilija Tovilo π
- remove assert raising strange behavior with GCC 10 in bdf2f722ca by Remi Collet
- Upgrade cirrus arm build to GCC 12 (#10855) in 6ebb506637 by Ilija Tovilo π
- Implement
mb_encode_mimeheader
using fast text conversion filters in 0ce755be26 by Alex Dowad php_pgsql_meta_data
raises aValueError
when table name is invalid in 394470c052 by David Carlierext/mysqi
: mysqli_poll raises a ValueError on absent 1st and 2ng arguments in 90a39fd52c by David Carlier- Fix missing and inconsistent error check on
SQLAllocHandle
in GH-10740 by nielsdos - Remove CTE flag from
array_diff_ukey()
, which was added by mistake in GH-10859 by Michael VoΕΓΕ‘ek - Another attempt to fix MSAN nightly on
master
in 471105abd7 by Ilija Tovilo π pgsql_insert
fix unit tests (#10860) in feb82d91b9 by David CARLIER- Windows CI log verbosity, CI bat file guard in GH-10817 by Michael VoΕΓΕ‘ek
zend_hash
: Use AVX2 instructions for better code efficiency (#10858) in d835de1993 by Tony Su- Add extra option to FPM tester for handling script filename in 3125155b5d by Jakub Zelenka π
- Test FPM FCGI envs without path info fix for custom source in 92d2cd5cb8 by Jakub Zelenka π
- Test FPM FCGI envs with path info fix for Apache proxy balancer in b53b0ac2ea by Jakub Zelenka π
- Test FPM FCGI envs with path info fix for Apache proxy handler in 8cf621e0e4 by Jakub Zelenka π
- Test FPM FCGI envs with path info fix for Apache proxy pass in 38d2e7ea9a by Jakub Zelenka π
- Fix FPM tester
$scriptName
logic in 7d987ebbbf by Jakub Zelenka π - Implement GH-10854: TSRM should set a smarter value for expected_threads (#10867) in 4da0da7f2d by Niels Dossche
- Fix GH-10634: Lexing memory corruption (#10866) in ac9964502c by Niels Dossche
- Remove
xfail
from tests that do not fail anymore (#10871) in 53763e14b7 by Arnaud Le Blanc π ext/psql
:pg_meta_data
, extended mode, fix typo for pseudo typtype in GH-10865 by David CARLIER- Fix GH-8789 and GH-10015: Fix ZTS zend signal crashes due to NULL globals in GH-10861 by Niels Dossche
- Destroy
file_handle
infpm_main
in GH-10707 by Niels Dossche - Fix
NUL
byte in exception string terminatingException::__toString()
in GH-10873 by Ilija Tovilo π - Fix bug #74129: Incorrect SCRIPT_NAME with apache ProxyPassMatch in GH-10869 by Jakub Zelenka π
- Fix GH-10755: Memory leak in phar_rename_archive() in GH-10856 by Su, Tao
- Use new ZSTR_INIT_LITERAL macro (#10879) in 9d5f2f1343 by Ilija Tovilo π
- Fix GH-10885: Leaking stream_socket_server context in GH-10886 by Ilija Tovilo π
- add a basic CODEOWNERS file in GH-8670 by Ben Ramsey
- CODEOWNERS: Add myself to
ext/random
in e73d8de784 by Tim DΓΌsterhus - Fix GH-10052: Browscap crashes PHP 8.1.12 on request shutdown (apache2) in GH-10883 by Niels Dossche
- Fix GH-10521: ftp_get/ftp_nb_get resumepos offset is maximum 10GB in GH-10525 by Niels Dossche
- CODEOWNERS: Add myself as an owner of
ext/ffi
,ext/opcache
and the core Zend files in b698108133 by Dmitry Stogov - Update assertion about unsupported property types in 3deba4c2e8 by MΓ‘tΓ© Kocsis π
- Add myself for
ext/date
in b5262218d4 by Derick Rethans π - [Zend]: Remove unused code in MAKE_NOP macro (#10906) in 7eee0d1bc7 by Tony Su
- Shrink some commonly used structs by reordering members (#10880) in 6a6e91f3c7 by Niels Dossche
- Implement better diff for
run-tests.php
in GH-10875 by Ilija Tovilo π ext/curl
: suppress -Wdeprecated-declarations incurl_arginfo.h
in 2646d76abc by Max Kellermann- Empty merge in 4c114efd1a by Derick Rethans π
- Updated to version 2023.1 (2023a) in 8424b5caaa by Derick Rethans π
- Empty merge in 6c5e07a8b9 by Derick Rethans π
- Updated to version 2023.1 (2023a) in d9e89416f8 by Derick Rethans π
- Updated to version 2023.1 (2023a) in 9495406c9e by Derick Rethans π
- Fix GH-10583: DateTime modify with tz pattern should not update linked timezone in cbac68df6b by Derick Rethans π
ext/pdo_sqlite
: simplifying sqlite3_exec usage. (#10910) in 54f92fc333 by David CARLIER- Fix direct comparison in
run-tests.php
differ in c58c2666a1 by Ilija Tovilo π - Updated to version 2023.2 (2023b) in 90f5b2b4ff by Derick Rethans π
- Empty merge in a337dfb75f by Derick Rethans π
- Updated to version 2023.2 (2023b) in 8a2586228d by Derick Rethans π
- Empty merge in 61a595c883 by Derick Rethans π
- Updated to version 2023.2 (2023b) in 2a553322d8 by Derick Rethans π
- Add me to the CODEOWNERS in ff183ad923 by Jakub Zelenka π
- Fix GH-8979: Possible Memory Leak with SSL-enabled MySQL connections in GH-10909 by Niels Dossche
- Fix GH-10907: Unable to serialize processed SplFixedArrays in PHP 8.2.4 in GH-10921 by Niels Dossche
- Fix test for GH-10907 with output in different order for master branch in 01cb6fb65a by Niels Dossche
- Fix phpGH-10648: add check function pointer into mbfl_encoding in 6fc8d014df by pakutoma
- Update NEWS and UPGRADING to reflect changes in 0ce755be26 in bf64342d30 by Alex Dowad
- Fix compile errors caused by missing initializers in 0779950768 in 345abce590 by Alex Dowad
- Fix compile error in Windows CI job caused by 0779950768 in 57e194e02d by Alex Dowad
- Fix phpGH-10648: add check function pointer into mbfl_encoding in b721d0f71e by pakutoma
- Use capstone explicitly, drop oprofile (GH 10876) (#10918) in 87922411bf by Michael Orlitzky
- By-ref modification of typed and readonly props through ArrayIterator in GH-10872 by Ilija Tovilo π
- Fix buffer-overflow in
php_fgetcsv()
with \0 delimiter and enclosure in GH-10923 by Ilija Tovilo π - Disallow parent dir components (..) in open_basedir() at runtime in GH-10913 by Ilija Tovilo π
- Disable
--with-valgrind
by default (#10934) in 5eb6905405 by Ilija Tovilo π - Fix GH-10928: PHP Build Failed - Test curl_version() basic functionality [ext/curl/tests/curl_version_basic_001.phpt] in GH-10930 by Niels Dossche
ext/pdo_mysql
: mysql_handle_closer nullify some freed data in f6989df8cc by David CARLIER- Fix undefined behaviour in string uppercasing and lowercasing in GH-10936 by Niels Dossche
- Fix buffer-overflow in
open_basedir()
in a7f91e37de by Ilija Tovilo π - Propagate UTF-8 flag during Rope operations (#10915) in d7c351ea54 by George Peter Banyard π
- Use
php_random_bytes_silent()
where possible in gmp_init_random() (#10944) in 8317a147b9 by Niels Dossche - Fix undefined behaviour when writing 32-bit values in phar/tar.c in GH-10940 by Niels Dossche
- Fix undefined behaviour in
GENERATE_SEED()
in GH-10942 by Niels Dossche - Improve the warning message for unpack() in case not enough values were provided (#10949) in 6ec69d727a by Niels Dossche
- php-fuzz-mbstring also tests text encoding validation functions in 5f2587eb25 by Alex Dowad
- For UTF-7, emit error marker if Base64 section ends abruptly after first half of surrogate pair in c4fb049bf6 by Alex Dowad
- Rename
--with-opcache-capstone
to--with-capstone
(#10952) in b73b70f097 by Ilija Tovilo π - Unparallelize IO heavy tests in GH-10953 by Ilija Tovilo π
- Suppress snmp lib memory leak, xfail ASAN tests in be4db6b550 by Ilija Tovilo π
- Fix incorrect optimization in 1f5d9534ae by Dmitry Stogov
- Fix one more differ direct comparison (through in_array) in b9f8b696c4 by Ilija Tovilo π
- Fix GH-10908: Bus error with PDO Firebird on RPI with 64 bit kernel and 32 bit userland in GH-10920 by Niels Dossche
- Handle indirect zvals in
SplFixedArray::__serialize
in GH-10925 by Niels Dossche - Revert "Handle indirect zvals in
SplFixedArray::__serialize
" in 0d524eda94 by Niels Dossche - Reset EG(trampoline).op_array.last_var that FFI may modify in GH-10916 by Ilija Tovilo π
ext/posix
: proposing posix_eaccess. unlike access, it is not standard but available in enough platforms ; on linux it's euidaccess in reality eaccess being 'just' an alias. key difference is eaccess checks the effective user id instead in 2b354318d9 by David CARLIER- Fix test for GH-10908 in 1357d1eb41 by Niels Dossche
ext/intl
: breakiterator::setText returns false on failure in 7623bf0b06 by David Carlier- Note where a session was already started (#10736) in 180f785404 by Calvin Buckley
ext/imap/config.m4
:-Werror=implicit-function-declaration
compatibility in GH-10948 by Michael Orlitzkyext/intl
IntlChar::enumCharNames changes the signature to void in 2da299703a by David CARLIER- Fix undefined behaviour in unpack() in GH-10943 by Niels Dossche
- Updated to version 2023.3 (2023c) in bb7dd51f7a by Derick Rethans π
- Empty merge in cb4e90dca3 by Derick Rethans π
- Updated to version 2023.3 (2023c) in 3ec02202fd by Derick Rethans π
- Empty merge in ad28cf6111 by Derick Rethans π
- Updated to version 2023.3 (2023c) in 2f309dee8e by Derick Rethans π
- Fix uninitialized variable accesses in sockets/conversions in GH-10966 by Niels Dossche
ext/posix
: posix_eaccess little update and forgotten UPGRADING entry. (#10965) in 717f460fa4 by David CARLIER- Silence compiler warnings in ext/sockets/conversions.c (#10974) in GH-10959 by Niels Dossche
Support PHP Foundation
At PHP Foundation, we support, promote, and advance the PHP language. We financially support six part-time PHP core developers to contribute to the PHP project. You can help support PHP Foundation at OpenCollective or via GitHub Sponsors.
A big thanks to all our sponsors β PHP Foundation is all of us!
Follow us on Twitter @ThePHPF or Mastodon phpc.social/@thephpf to get the latest updates from the Foundation.
ποΈ π
PHP Roundup is prepared by Ayesh Karunaratne from PHP.Watch, a source for PHP News, Articles, Upcoming Changes, and more.