PHP Version 7.2.0 Published

目标及关键路径

  • 性能提升

从 PHP 7.1.x 移植到 PHP 7.2.x

这里可以找到原文

不向下兼容的变更

  • 防止 number_format() 返回负零,之前版本中,number_format() 有可能会返回 -0。虽然这是符合 IEEE 754 规范的,但是这样会导致可读性不好,新版本中会将这样的负数去掉。

  • 将数组转换为对象,或将对象转换为数组时,数字键现在得到了更好的处理(无论是通过显式转换还是通过 settype() 函数)。

  • get_class() 函数不再接受 null 参数,之前版本中,传递 nullget_class() 函数将返回当前类名。在新版本中,此行为会抛出一个 E_WARNING 错误。如果想实现与之前版本同样的效果,请不要传递任何参数进来。

  • 对非可数类型调用 count()(或 sizeof())函数,会抛出一个 E_WARNING 错误。

  • ext/hash 从资源变成对象

  • SSL/TLS 的下列默认选项被修改:

    • tls:// 默认为 TLSv1.0 or TLSv1.1 or TLSv1.2
    • ssl:// 成为 tls:// 的别名
    • STREAM_CRYPTO_METHOD_TLS_* 常量默认为 TLSv1.0 或 TLSv1.1 + TLSv1.2,替代之前的 TLSv1.0
  • 之前版本中,如果在一个闭包资源中使用 gettype() 会返回字符串 "unknown type",现在将会返回字符 "resource (closed)"

  • 之前版本中,对 __PHP_Incomplete_Class 调用 is_object() 函数会返回 false,现在会返回 true

  • 调用未定义的常量,现在会抛出一个 E_WARNING 错误(之前版本中为 E_NOTICE)。在下一个 PHP 大版本中,将会抛出一个 Error 错误。

  • 官方支持的最低 Windows 版本为 Windows 7/Server 2008 R2。

  • Compatibility checks upon default trait property values will no longer perform casting.

  • object 在之前的 PHP 7.0 版本 中被声明为软保留字(soft-reserved)。现在变更为强制保留字,禁止在任何类或接口中使用该名称。

  • NetWare 已不再被支持。

  • While array_unique() with SORT_STRING formerly copied the array and removed non-unique elements (without packing the array afterwards), now a new array is built by adding the unique elements. This can result in different numeric indexes.

  • The bcmod() function no longer truncates fractional numbers to integers. As such, its behavior now follows fmod(), rather than the % operator. For example bcmod('4', '3.5') now returns 0.5 instead of 1.

  • The hash_hmac(), hash_hmac_file(), hash_pbkdf2(), and hash_init() (with HASH_HMAC) functions no longer accept non-cryptographic hashes.

  • The json_decode() function option, JSON_OBJECT_AS_ARRAY, is now used if the second parameter (assoc) is null. Previously, JSON_OBJECT_AS_ARRAY was always ignored.

  • Sequences generated by rand() and mt_rand() for a specific seed may differ from PHP 7.1 on 64-bit machines (due to the fixing of a modulo bias bug in the implementation).

  • sql.safe_mode ini 设置项已被移除。

  • The zone element of the array returned by date_parse() and date_parse_from_format() represents seconds instead of minutes now, and its sign is inverted. For instance -120 is now 7200.

  • As of PHP 7.2.34, the names of incoming cookies are no longer url-decoded for security reasons.


  • 不带引号的字符串是不存在的全局常量,转化成他们自身的字符串。 在以前,该行为会产生 E_NOTICE,但现在会产生 E_WARNING。在下一个 PHP 主版本中,将抛出 Error 异常。

  • GD 扩展内的 png2wbmp()jpeg2wbmp() 现已被废弃,将在下一个 PHP 主版本中移除。

  • Intl 扩展废弃了 INTL_IDNA_VARIANT_2003 转化,为idn_to_ascii()idn_to_utf8() 的默认选项。 PHP 7.4 会把默认值设置为 INTL_IDNA_VARIANT_UTS46, 并在下一个 PHP 主版本中完全移除 INTL_IDNA_VARIANT_2003

  • __autoload() 方法已被废弃, 因为和 spl_autoload_register() 相比功能较差 (因为无法链式处理多个 autoloader), 而且也无法在两种 autoloading 样式中配合使用。

  • 当开启了 track_errors ini 设置,出现非致命错误时, 会在本地作用域创建 $php_errormsg 变量。 由于提供了更好的方式: error_get_last() 来获取此类错误信息,该功能被废弃。

  • 考虑到create_function() 函数的安全隐患问题(它是 eval() 的瘦包装器),该过时的函数现在已被废弃。 更好的选择是匿名函数

  • mbstring.func_overload ini 设置,由于此设置会影响环境中的字符串系列函数,带来相互操作中的问题,它现在已被废弃。

  • 转化任意表达式为(unset)类型,结果总是 null,所以这个多余的类型转化现在也就被废弃了。

  • 使用 parse_str() 时,不加第二个参数会导致查询字符串参数导入当前符号表。 考虑到安全隐患问题,不加第二个参数使用 parse_str() 的行为已被废弃。 此函数的第二个选项为必填项,它使查询字符串转为 Array。

  • 此函数基于未知的、取决于平台的 limb 尺寸产生随机数。因此,该函数已被废弃。 使用更好的方式产生随机数: GMP 扩展中的 gmp_random_bits()gmp_random_range()

  • 使用each() 函数遍历时,比普通的 foreach 更慢, 并且给新语法的变化带来实现问题。因此它被废弃了。

  • assert() 字符串参数将要求它能被 eval() 执行。 考虑到可能被执行远程代码,废弃了字符串的 assert(),最好提供 bool 的表达式。

  • $errcontext 参数包含了错误网站的所有本地变量。 考虑到它很少被用到,而且还会导致内部优化问题,它现在被废弃了。 代替用法:调试器应该自己取回错误站点的本地变量。

  • read_exif_data() 别名已被废弃 使用 exif_read_data() 函数代替。

新特性

  • 这种新的对象类型, object, 引进了可用于逆变(contravariant)参数输入和协变(covariant)返回任何对象类型。

  • 扩展文件不再需要通过文件加载 (Unix下以.so为文件扩展名,在Windows下以 .dll 为文件扩展名) 进行指定。可以在php.ini配置文件进行启用, 也可以使用 dl() 函数进行启用。

  • 当一个抽象类继承于另外一个抽象类的时候,继承后的抽象类可以重写被继承的抽象类的抽象方法。

  • 使用Argon2算法生成密码散列,Argon2 已经被加入到密码散列(password hashing) API (这些函数以 password_ 开头), 以下是暴露出来的常量:

    • PASSWORD_ARGON2I
    • PASSWORD_ARGON2_DEFAULT_MEMORY_COST
    • PASSWORD_ARGON2_DEFAULT_TIME_COST
    • PASSWORD_ARGON2_DEFAULT_THREADS
  • 新增 ext/PDO(PDO扩展) 字符串扩展类型,当你准备支持多语言字符集,PDO的字符串类型已经扩展支持国际化的字符集。以下是扩展的常量:

    • PDO::PARAM_STR_NATL
    • PDO::PARAM_STR_CHAR
    • PDO::ATTR_DEFAULT_STR_PARAM
  • 为 ext/PDO新增额外的模拟调试信息,PDOStatement::debugDumpParams()方法已经更新,当发送SQL到数据库的时候,在一致性、行查询(包括替换绑定占位符)将会显示调试信息。这一特性已经加入到模拟调试中(在模拟调试打开时可用)。

  • LDAP 扩展已经新增了EXOP支持. 扩展暴露以下函数和常量:

  • sockets扩展现在具有查找地址信息的能力,且可以连接到这个地址,或者进行绑定和解析。为此添加了以下一些函数:

  • 重写方法和接口实现的参数类型现在可以省略了。不过这仍然是符合LSP,因为现在这种参数类型是逆变的。

  • 命名空间可以在PHP 7中使用尾随逗号进行分组引入。

变化

这里可以找到原文

BCMath

  • Fixed bug #46564 (bcmod truncates fractionals).

CLI

  • Fixed bug #74849 (Process is started as interactive shell in PhpStorm).
  • Fixed bug #74979 (Interactive shell opening instead of script execution with -f flag).

CLI server

  • Fixed bug #60471 (Random “Invalid request (unexpected EOF)” using a router script).

Core

  • Removed IS_TYPE_IMMUTABLE (it’s the same as COPYABLE & !REFCOUNTED).
  • Removed the sql.safe_mode directive.
  • Removed support for Netware.
  • Renamed ReflectionClass::isIterateable() to ReflectionClass::isIterable() (alias original name for BC).
  • Implemented “Deprecate and Remove Bareword (Unquoted) Strings” RFC.

  • Raised minimum supported Windows versions to Windows 7/Server 2008 R2.
  • “Countable” interface is moved from SPL to Core.
  • Implemented FR #69791 (Disallow mail header injections by extra headers) (Yasuo)
  • Implemented minor optimization in array_keys/array_values().
  • Implemented “Trailing Commas In List Syntax” RFC for group use lists only.
  • Change PHP_OS_FAMILY value from “OSX” to “Darwin”.
  • Implemented FR #74963 (Improved error message on fetching property of non-object).
  • Allow loading PHP/Zend extensions by name in ini files (extension=<name>).

  • Implemented FR #49806 (proc_nice() for Windows).
  • Implemented FR #72768 (Add ENABLE_VIRTUAL_TERMINAL_PROCESSING flag for php.exe).
  • Added ZEND_COUNT, ZEND_GET_CLASS, ZEND_GET_CALLED_CLASS, ZEND_GET_TYPE, ZEND_FUNC_NUM_ARGS, ZEND_FUNC_GET_ARGS instructions, to implement corresponding builtin functions.
  • Added ZEND_IN_ARRAY instruction, implementing optimized in_array() builtin function, through hash lookup in flipped array.
  • Added PHP_OS_FAMILY constant to determine on which OS we are.
  • Added object type annotation.
  • Added new VM instuctions ISSET_ISEMPTY_CV and UNSET_CV. Previously they were implemented as ISSET_ISEMPTY_VAR and UNSET_VAR variants with ZEND_QUICK_SET flag.

  • Fixed bug #54535 (WSA cleanup executes before MSHUTDOWN).

  • Fix pthreads detection when cross-compiling (ffontaine)

  • Fixed memory leaks caused by exceptions thrown from destructors. (Bob, Dmitry).

  • Fixed bug #73215 (uniqid() should use better random source).

  • Implemented “Convert numeric keys in object/array casts” RFC, fixes bugs #53838, #61655, #66173, #70925, #72254, etc.

  • Fixed bug #73987 (Method compatibility check looks to original definition and not parent).

  • Fixed bug #73991 (JSON_OBJECT_AS_ARRAY not respected).

  • Fixed bug #74053 (Corrupted class entries on shutdown when a destructor spawns another object).

  • Fixed bug #73971 (Filename got limited to MAX_PATH on Win32 when scan directory).

  • Fixed bug #72359, bug #72451, bug #73706, bug #71115 and others related to interned strings handling in TS builds.

  • Fixed bug #74269 (It’s possible to override trait property with different loosely-equal value).

  • Fixed bug #61970 (Restraining __construct() access level in subclass gives a fatal error).

  • Fixed bug #63384 (Cannot override an abstract method with an abstract method).

  • Fixed bug #74607 (Traits enforce different inheritance rules).

  • Fixed misparsing of abstract unix domain socket names.

  • Fixed bug #74815 (crash with a combination of INI entries at startup).

  • Fixed bug #74836 (isset on zero-prefixed numeric indexes in array broken).

  • Fixed bug #49649 (unserialize() doesn’t handle changes in property visibility).

  • Fixed bug #74866 (extension_dir = “./ext” now use current directory for base).

  • Fixed bug #75142 (buildcheck.sh check for autoconf version needs to be updated for v2.64).

  • Fixed bug #74878 (Data race in ZTS builds).

  • Fixed bug #75515 (“stream_copy_to_stream” doesn’t stream anymore).

cURL

  • Fixed bug #75093 (OpenSSL support not detected).
  • Better fix for #74125 (use pkg-config instead of curl-config).

Date

  • Implemented FR #71520 (Adding the DateTime constants to the DateTimeInterface interface).

  • Fixed bug #55407 (Impossible to prototype DateTime::createFromFormat).
  • Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)
  • Fixed bug #75149 (redefinition of typedefs ttinfo and t1info).
  • Fixed bug #75222 (DateInterval microseconds property always 0).

Dba

  • Fixed bug #72885 (flatfile: dba_fetch() fails to read replaced entry).

DOM

  • Implemented FR #74837 (Implement Countable for DomNodeList and DOMNamedNodeMap).

EXIF

  • Deprecated the read_exif_data() alias.

  • Added support for vendor specific tags for the following formats: Samsung, DJI, Panasonic, Sony, Pentax, Minolta, Sigma/Foveon, AGFA, Kyocera, Ricoh & Epson.
  • Implemented FR #65187 (exif_read_data/thumbnail: add support for stream resource).

  • Fixed bug #72682 (exif_read_data() fails to read all data for some images).
  • Fixed bug #71534 (Type confusion in exif_read_data() leading to heap overflow in debug mode).
  • Fixed bug #68547 (Exif Header component value check error).
  • Fixed bug #66443 (Corrupt EXIF header: maximum directory nesting level reached for some cameras).
  • Fixed Redhat bug #1362571 (PHP not returning full results for exif_read_data function).
  • Fixed bug #74428 (exif_read_data(): “Illegal IFD size” warning occurs with correct exif format).
  • Fixed bug #72819 (EXIF thumbnails not read anymore).
  • Fixed bug #62523 (php crashes with segfault when exif_read_data called).
  • Fixed bug #50660 (exif_read_data(): Illegal IFD offset (works fine with other exif readers).

Fileinfo

  • Upgrade bundled libmagic to 5.31.

FPM

  • Configuration to limit fpm slow log trace callers.

  • Fixed bug #75212 (php_value acts like php_admin_value).

FTP

  • Implement MLSD for structured listing of directories.
  • Added ftp_append() function.

GD

  • Implemented imageresolution as getter and setter (Christoph)

  • Fixed bug #74744 (gd.h: stdarg.h include missing for va_list use in gdErrorMethod).
  • Fixed bug #75111 (Memory disclosure or DoS via crafted .bmp image).

GMP

  • Fixed bug #70896 (gmp_fact() silently ignores non-integer input).

Hash

  • Disallowed usage of non-cryptographic hash functions with HMAC and PBKDF2.

  • Changed HashContext from resource to object.

  • Fixed bug #75284 (sha3 is not supported on bigendian machine).

IMAP

  • Fixed bug #72324 (imap_mailboxmsginfo() return wrong size).

Intl

  • Fixed bug #63790 (test using Spoofchecker which may be unavailable).
  • Fixed bug #75378 ([REGRESSION] IntlDateFormatter::parse() does not change $position argument).

JSON

  • Add JSON_INVALID_UTF8_IGNORE and JSON_INVALID_UTF8_SUBSTITUTE options for json_encode and json_decode to ignore or replace invalid UTF-8 byte sequences - it addresses request #65082.

  • Fixed bug #75185 (Buffer overflow in json_decode() with JSON_INVALID_UTF8_IGNORE or JSON_INVALID).
  • Fixed bug #68567 (JSON_PARTIAL_OUTPUT_ON_ERROR can result in JSON with null key).

LDAP

  • Implemented FR #69445 (Support for LDAP EXOP operations)

  • Fixed support for LDAP_OPT_SERVER_CONTROLS and LDAP_OPT_CLIENT_CONTROLS in ldap_get_option
  • Fixed passing an empty array to ldap_set_option for client or server controls.

Mbstring

  • Update to oniguruma version 6.3.0.

  • Implemented FR #66024 (mb_chr() and mb_ord()).
  • Implemented FR #65081 (mb_scrub()).
  • Implemented FR #69086 (enhancement for mb_convert_encoding() that handles multibyte replacement char nicely).
  • Added array input support to mb_convert_encoding().
  • Added array input support to mb_check_encoding().

  • Fixed bug #69079 (enhancement for mb_substitute_character).
  • Fixed bug #69267 (mb_strtolower fails on titlecase characters).

Mcrypt

  • The deprecated mcrypt extension has been moved to PECL.

Opcache

  • Added global optimisation passes based on data flow analysis using Single Static Assignment (SSA) form: Sparse Conditional Constant Propagation (SCCP), Dead Code Elimination (DCE), and removal of unused local variables (Nikita, Dmitry)

  • Fixed incorect constant conditional jump elimination.
  • Fixed bug #75230 (Invalid opcode 49/1/8 using opcache).
  • Fixed bug (assertion fails with extended info generated).
  • Fixed bug (Phi sources removel).
  • Fixed bug #75370 (Webserver hangs on valid PHP text).
  • Fixed bug #75357 (segfault loading WordPress wp-admin).

OpenSSL

  • Automatically load OpenSSL configuration file.
  • Use TLS_ANY for default ssl:// and tls:// negotiation.
  • Allow setting SNI cert and private key in separate files.

  • Added openssl_pkcs7_read() and pk7 parameter to openssl_pkcs7_verify().
  • Add ssl security_level stream option to support OpenSSL security levels. (Jakub Zelenka).

  • Fix leak in openssl_spki_new().
  • Fixed bug #74903 (openssl_pkcs7_encrypt() uses different EOL than before).

PCRE

  • Added support for PCRE JIT fast path API.

  • Fixed bug #61780 (Inconsistent PCRE captures in match results).
  • Fixed bug #74873 (Minor BC break: PCRE_JIT changes output of preg_match()).
  • Fixed bug #75089 (preg_grep() is not reporting PREG_BAD_UTF8_ERROR after first input string).
  • Fixed bug #75223 (PCRE JIT broken in 7.2).
  • Fixed bug #75285 (Broken build when system libpcre don’t have jit support).

phar

  • Fixed bug #74196 (phar does not correctly handle names containing dots).

PDO

  • Add “Sent SQL” to debug dump for emulated prepares.
  • Add parameter types for national character set strings.

  • Fixed bug #73234 (Emulated statements let value dictate parameter type).

PDO_DBlib

  • Add test coverage for bug #72969.
  • Expose DB-Library version as \PDO::DBLIB_ATTR_VERSION attribute on \PDO instance.

  • Fixed bug #73396 (bigint columns are returned as strings).

PDO_OCI

  • Fixed bug #74537 (Align --with-pdo-oci configure option with --with-oci8 syntax).

PDO_Sqlite

  • Switch to sqlite3_prepare_v2() and sqlite3_close_v2() functions (rasmus)

PHPDBG

  • Added extended_value to opcode dump output.

Session

  • PR #2233 Removed register_globals related code and “!” can be used as $_SESSION key name.

  • Fixed bug #73461 (Prohibit session save handler recursion).
  • Improved bug #73100 fix. ‘user’ save handler can only be set by session_set_save_handler()
  • Fixed bug #74514 (5 session functions incorrectly warn when calling in read-only/getter mode).
  • Fixed bug #74936 (session_cache_expire/cache_limiter/save_path() trigger a warning in read mode).
  • Fixed bug #74941 (session fails to start after having headers sent).

Sodium

  • New cryptographic extension
  • Added missing bindings for libsodium > 1.0.13.

SPL

  • Added spl_object_id().

  • Fixed bug #71412 (Incorrect arginfo for ArrayIterator::__construct).

SQLite3

  • Update to Sqlite 3.20.1.

  • Implement writing to blobs.

Standard

  • Compatibility with libargon2 versions 20161029 and 20160821.

  • Add support for extension name as argument to dl().

  • Fixed bug #69442 (closing of fd incorrect when PTS enabled).
  • Fixed bug #74300 (unserialize accepts two plus/minus signs for float number exponent part).
  • Fixed bug #74737 (mysqli_get_client_info reflection info).
  • Fixed bug #74851 (uniqid() without more_entropy performs badly).
  • Fixed bug #74103 (heap-use-after-free when unserializing invalid array size). (CVE-2017-12932)
  • Fixed bug #75054 (A Denial of Service Vulnerability was found when performing deserialization).
  • Fixed bug #75170 (mt_rand() bias on 64-bit machines).
  • Fixed bug #75221 (Argon2i always throws NUL at the end).

Streams

  • Default ssl/single_dh_use and ssl/honor_cipher_order to true.

XML

  • Moved utf8_encode() and utf8_decode() to the Standard extension.

XMLRPC

  • Use Zend MM for allocation in bundled libxmlrpc (Joe)

ZIP

  • Use of bundled libzip is deprecated, --with-libzip option is recommended.

  • Add support for encrypted archives.
  • ZipArchive implements countable, added ZipArchive::count() method.

  • Fixed bug #73803 (Reflection of ZipArchive does not show public properties).
  • Fix segfault in php_stream_context_get_option call.
  • Fixed bug #75143 (new method setEncryptionName() seems not to exist in ZipArchive).

zlib

  • Expose inflate_get_status() and inflate_get_read_len() functions.