PHP 7.1 is all ready to replace 7.0, adding even more features and goodness to the ground-breaking previous version.
Visibility for class constants, key specification for list(), void return type, mcrypt deprecation, negative string offsets and warnings for integer conversion.
We'll cover new features, deprecated ones and incompatibilities, so you're ready for your next migration.
1. PHP 7.1
ELEGANCE OF OUR LEGACY
010 PHP, Rotterdam, Netherlands, October 2016
[RC4]
2. AGENDA
• PHP 7.0 is already on the way out
• PHP 7.1
• RC4 at the moment, so 2 more weeks to wait
• What's new in this version
• What is incompatible with the previous version
• How to do migration
3. SPEAKER
• Damien Seguy
• Exakat CTO
• "Ik ben een boterham" (Dutch for "I am a sandwich")
• Static analysis of PHP code
• Get a full report of compliance for your code with the exakat engine
5. DONEC QUIS NUNC
LIVING ON THE BLEEDING EDGE
http://php.net/manual/en/migration71.php
https://github.com/php/php-src/blob/master/UPGRADING
https://github.com/php/php-src/blob/master/NEWS
https://wiki.php.net/rfc
http://bugs.php.net/
6. QUAM UT PRÆPARATE PRO AGENTIBUS
HOW TO PREPARE FOR MIGRATION
• Code knowledge: you know your code
• lint: php -l on every file
• Grep / Search: fast, universal, false positives
• Static analysis: Exakat, phan
• Logs / error_reporting: run the tests, check logs
11. MCRYPT IS DEPRECATED
• "libmcrypt is a dead project, unmaintained for ~8 years, last
version 2.5.8 was released in February 2007!"
• It emits an E_DEPRECATED notice
• Switch to OpenSSL for serious cryptography
• phpseclib (http://phpseclib.sourceforge.net/)
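One way to make the switch, as an added example that is not from the slides: authenticated encryption with AES-256-GCM through ext/openssl, plus a reader for data that mcrypt wrote. The function names and the iv|tag|ciphertext layout are assumptions.

```php
<?php
// Added example, not from the talk. Function names and the blob layout
// (iv | tag | ciphertext, base64) are assumptions.
// Requires PHP 7.1+, where ext/openssl gained AEAD tag support.
const CIPHER = 'aes-256-gcm';
const TAG_LEN = 16;

function encrypt(string $plaintext, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh IV per message
    $tag = '';
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);
}

function decrypt(string $blob, string $key): string
{
    $raw = base64_decode($blob, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < $ivLen + TAG_LEN) {
        throw new InvalidArgumentException('malformed ciphertext');
    }
    $pt = openssl_decrypt(
        substr($raw, $ivLen + TAG_LEN), CIPHER, $key, OPENSSL_RAW_DATA,
        substr($raw, 0, $ivLen), substr($raw, $ivLen, TAG_LEN)
    );
    if ($pt === false) { // wrong key or modified data: the tag did not verify
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Reads data written with MCRYPT_RIJNDAEL_128 in MCRYPT_MODE_CBC and a 32-byte key.
// MCRYPT_RIJNDAEL_256 has a 256-bit block, is not AES, and cannot be read this way.
function decryptLegacyMcrypt(string $ct, string $key, string $iv): string
{
    $pt = openssl_decrypt($ct, 'aes-256-cbc', $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
    if ($pt === false) {
        throw new RuntimeException('legacy decryption failed');
    }
    return rtrim($pt, "\0"); // mcrypt padded the last block with NUL bytes
}

$key = random_bytes(32); // constructed key for the demo
echo decrypt(encrypt('hello', $key), $key), "\n";
```

Because mcrypt's CBC output carries no integrity check, re-encrypt legacy records with the authenticated format once they have been read.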
12. $THIS IS NOT A WARNING ANYMORE
<?php
function foo($this) { /**/ }
// Fatal error: Cannot use $this as parameter
?>
• Parameter
• Static variable
• Global variable
• Foreach variable
• Caught variable
• Variable variable
• Reference
• Result of extract() or parse_str()
13. RAND() IS NOW AN ALIAS OF MT_RAND()
• RAND() is on its way out
• Since PHP 7.0, use random_int() and random_bytes()
• They provide cryptographically secure pseudo-random numbers (CSPRNG)
• They throw an exception if they can't
• RAND() is replaced by mt_rand(), better random
• In case the order of the series is important, beware!
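The replacement described on this slide, as an added example that is not from the talk: a reset-code generator written with rand() beside the random_int() version, including the exception path. The function names and the alphabet are hypothetical.

```php
<?php
// Added example, not from the talk. Names and alphabet are hypothetical.
const TOKEN_ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';

// Before: rand() (an alias of mt_rand() in 7.1) is not a CSPRNG,
// so its output must not protect anything.
function resetCodeWeak(int $length = 10): string
{
    $alphabet = TOKEN_ALPHABET;
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[rand(0, strlen($alphabet) - 1)];
    }
    return $code;
}

// After: random_int() draws from the operating system's CSPRNG
// and is uniform over the requested range.
function resetCode(int $length = 10): string
{
    $alphabet = TOKEN_ALPHABET;
    $max = strlen($alphabet) - 1;
    $code = '';
    try {
        for ($i = 0; $i < $length; $i++) {
            $code .= $alphabet[random_int(0, $max)];
        }
    } catch (Exception $e) {
        // No usable entropy source: fail closed, never fall back to rand().
        throw new RuntimeException('cannot generate reset code', 0, $e);
    }
    return $code;
}

// Opaque secrets (API keys, CSRF tokens) can come straight from random_bytes().
function opaqueToken(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

echo resetCode(), "\n", opaqueToken(), "\n";
```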
15. MISSING ARG IS EXCEPTION
<?php
function test($param){}
test();
PHP 7.0: PHP Warning: Missing argument 1 for test()
PHP 7.1: Fatal error: Uncaught ArgumentCountError: Too few arguments to function test(), 0 passed
16. CAN'T BE CALLED DYNAMICALLY ANYMORE
• extract()
• compact()
• get_defined_vars()
• func_get_args()
• func_get_arg()
• func_num_args()
• parse_str() with one argument
• mb_parse_str() with one argument
• assert() with a string argument
Creates too many variables,
in too many different ways
20. VOID TYPE
• New pseudo-type for functions that don't return a value
• Return type only: not usable as a parameter type hint
<?php
function fooEmpty ($arg) : void {
    return ;
}
function foo ($arg) : void {
}
function fooWithNull ($arg) : void {
    return NULL; // not OK : explicit
}
?>
25. EVEN MORE CATCHING EXCEPTIONS
Federate error catching in catch clause
Only for Catch
no Type Hint, no Return Type Hint, no instanceof
<?php
try {
    attemptSomething();
} catch (RuntimeException | InvalidArgumentException $e) {
    fixSomething();
} catch (BadFunctionCallException $e) {
    fixSomethingElse();
}
26. OCTAL SEQUENCES
• Octal sequences that are beyond \377 are now reported
<?php
print "\123\n"; // Prints S
print "\523\n"; // Prints S too
?>
Octal escape sequence overflow \523 is greater than \377
30. SESSION ID SIZE
• Session IDs are not hashed anymore
• Speed bump!
• Session ID size is now set by session.sid_length. The ID is generated from a CSPRNG
• 22 to 256 chars; 32 as default; 48 recommended.
• session.sid_bits_per_character specifies 4/5/6 bits per character:
(hexa, [0-9a-v], [0-9a-zA-Z-,])
• Recommended settings : 48 / 5
• Beware of your filters and storage: both must accept the new length and character set
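A check for the last point, as an added example that is not from the slides: given the two ini values, it tests whether an existing ID filter and storage column still accept what PHP 7.1 will generate. The function names, the legacy regex and the column width are constructed.

```php
<?php
// Added example, not from the talk. Function names, the legacy filter
// and the column width below are constructed for illustration.

/** Characters PHP uses for 4, 5 or 6 bits per character. */
function sidAlphabet(int $bits): string
{
    if (!in_array($bits, [4, 5, 6], true)) {
        throw new InvalidArgumentException('sid_bits_per_character must be 4, 5 or 6');
    }
    $all = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-';
    return substr($all, 0, 1 << $bits); // 16, 32 or 64 symbols
}

/** Returns a list of problems an ID of this shape would hit. */
function auditSidHandling(int $length, int $bits, string $filter, int $columnWidth): array
{
    if ($length < 22 || $length > 256) {
        throw new InvalidArgumentException('sid_length must be 22..256');
    }
    $findings = [];
    $rejected = '';
    foreach (str_split(sidAlphabet($bits)) as $char) {
        // One probe per symbol, so every character of the set is exercised.
        if (preg_match($filter, str_repeat($char, $length)) !== 1) {
            $rejected .= $char;
        }
    }
    if ($rejected !== '') {
        $findings[] = "filter $filter rejects IDs containing: $rejected";
    }
    if ($length > $columnWidth) {
        $findings[] = "storage truncates IDs: $length chars into a $columnWidth-char column";
    }
    $findings[] = sprintf('each ID carries %d bits', $length * $bits);
    return $findings;
}

// Recommended 48 / 5 against a filter and column sized for 32 hex characters.
print_r(auditSidHandling(48, 5, '/\A[0-9a-f]{32}\z/', 32));

// Matching filter and column for the same settings: only the size line remains.
print_r(auditSidHandling(48, 5, '/\A[0-9a-v]{48}\z/', 64));
```

On a live 7.1 install, pass `(int) ini_get('session.sid_length')` and `(int) ini_get('session.sid_bits_per_character')` instead of the literals.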
31. SESSION ID ERRORS ARE CATCHABLE
<?php
try {
    session_regenerate_id();
} catch (Error $e) {
    // Log error
    // deal with missing session ID
}
?>
• When generated IDs are not strings, an Error is emitted
• Catch them to be safe
33. MB_EREGI?_REPLACE ALSO DROPS /E IN 7.1
<?php
$code = "abc de";
echo mb_eregi_replace( ' ',
'"ren";',
$code,
'e');
abcrende
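A migration path off the 'e' option, as an added example that is not from the slides: mb_ereg_replace_callback() receives the match as data instead of compiling a replacement string as PHP. The expand() helper and the sample template are hypothetical.

```php
<?php
// Added example, not from the talk. expand() and the template are hypothetical.
mb_regex_encoding('UTF-8');

/** Replaces {placeholders} with values from $vars, leaving unknown ones intact. */
function expand(string $template, array $vars): string
{
    return mb_ereg_replace_callback(
        '\{([a-z_]+)\}',
        function (array $m) use ($vars) {
            $key = mb_strtolower($m[1]);
            // The match is only ever used as an array key, never as code.
            return array_key_exists($key, $vars) ? (string) $vars[$key] : $m[0];
        },
        $template,
        'i' // case-insensitive matching, which mb_eregi_replace() provided
    );
}

echo expand('Hello {NAME}, {unknown} stays as written', ['name' => 'Zoë']), "\n";
```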
34. FUNCTIONS CHANGES
• getenv(), without argument : === $_ENV
• parse_url() now checks that user and pass have no @ chars.
• ext/filter has now FILTER_FLAG_EMAIL_UNICODE, to filter
unicode email, like üser@[IPv6:2001:db8:1ff::a0b:dbd0]
• imap now checks that email is not larger than 16385 bytes
• pg_last_notice() gets 3 constants :
PGSQL_NOTICE_LAST, PGSQL_NOTICE_ALL, and
PGSQL_NOTICE_CLEAR
41. NEGATIVE OFFSET FOR STRINGS
<?php
$a = "abcde";
echo substr("abcde", 1, 1) ; // display b
echo substr("abcde", -1, 1) ; // display e
echo "abcde"[1]; // display b
echo "abcde"[-1]; // display e
echo "$a[-1]"; // parse error before 7.1, display e in 7.1
echo "{$a[-1]}"; // display e
?>
42. NEW FUNCTIONS
• mb_ord() and mb_chr() : multi-byte version of ord/chr
• mb_scrub() : cleans a string of gremlins
• curl_share_strerror(), curl_multi_errno() and curl_share_errno() :
access to various kind of errors
• pcntl_async_signals() for asynchronous signal handling, with pcntl_signal()
<?php
pcntl_async_signals(true);
pcntl_signal(SIGTERM, function ($signo) {
    // handler body is cut off on the slide
});
echo "Start!\n";
posix_kill(posix_getpid(), SIGTERM);
$i = 0; // dummy
echo "Done!\n";
43. CLASS CONSTANT VISIBILITY
• Constants may now be restricted to the class (private) or to the class and its children (protected)
• Interfaces' constants are still public only
• Traits' constants are still science-fiction
<?php
class Foo {
    // PHP 7.0 behavior. Nothing changes.
    const PUBLIC_CONST = 0;
    // Explicit visibilities
    private const PRIVATE_CONST = 1;
    protected const PROTECTED_CONST = 2;
    public const PUBLIC_CONST_TWO = 3,
                 PUBLIC_CONST_THREE = 4;
}
?>
46. DONEC QUIS NUNC
TEST PHP 7.1 NOW
• https://github.com/php/php-src
• RC4 : compile, run unit tests, fix your bugs or report PHP's
• Test online : https://3v4l.org/
• Compile your current code with it
• Use static analysis
• Watch out for PHP.Next : PHP 7.2 or PHP 8.0
• Out with PEAR and PECL, in with composer/Pickle
• Class Friendship, __autoload() deprecations, Automatic SQL injection
protection, INI get/set aliases…