不向后兼容的變更

PHP 核心中不向后兼容的變更

以數(shù)組形式訪問(wèn)非數(shù)組

嘗試以數(shù)組方式訪問(wèn) nullboolint,floatresource (例如 $null["key"])將會(huì)拋出 notice 通知。

get_declared_classes() 函數(shù)

get_declared_classes() 函數(shù)將不再返回匿名的類,假如它們沒(méi)有被實(shí)例化的話。

fn 關(guān)鍵詞

fn 成為了保留關(guān)鍵詞。需要特別注意,它不能再做為函數(shù)名或類名使用,但是仍然可以做為方法名和常量名存在。

文件尾部的 <?php 標(biāo)簽

文件尾部的 <?php 標(biāo)簽(不包含空行)將會(huì)被解釋成一個(gè) PHP 頭標(biāo)簽。Previously it was interpreted either as a short opening tag followed by literal php and resulted in a syntax error (with short_open_tag=1) or was interpreted as a literal <?php string (with short_open_tag=0).

Stream wrappers

When using include/require on a stream, streamWrapper::stream_set_option() will be invoked with the STREAM_OPTION_READ_BUFFER option. Custom stream wrapper implementations may need to implement the streamWrapper::stream_set_option() method to avoid a warning (always returning false is a sufficient implementation).

Serialization 序列化

序列化類型 o 被移除。因?yàn)樗皇怯?PHP 生成的,這可能會(huì)影響到之前項(xiàng)目中手動(dòng)生成的序列化字符串。

密碼算法常量

密碼哈希算法標(biāo)識(shí)符現(xiàn)在是可空字符串,而不再是整數(shù)。

  • PASSWORD_DEFAULT 之前是 int 1; 現(xiàn)在是 null
  • PASSWORD_BCRYPT 之前是 int 1; 現(xiàn)在是 string '2y'
  • PASSWORD_ARGON2I 之前是 int 2; 現(xiàn)在是 string 'argon2i'
  • PASSWORD_ARGON2ID 之前是 int 3; 現(xiàn)在是 string 'argon2id'

應(yīng)用中如果正常使用了常量 PASSWORD_DEFAULT,PASSWORD_BCRYPT,PASSWORD_ARGON2I 和 PASSWORD_ARGON2ID 將不會(huì)受到影響。

htmlentities() 函數(shù)

htmlentities() will now raise a notice (instead of a strict standards warning) if it is used with an encoding for which only basic entity substitution is supported, in which case it is equivalent to htmlspecialchars().

fread() and fwrite() 函數(shù)

fread()fwrite() 在操作失敗的時(shí)候會(huì)返回 false。之前的版本中會(huì)返回空字符串或 0。EAGAIN/EWOULDBLOCK 不視為故障。

這些函數(shù)現(xiàn)在也會(huì)在失敗時(shí)發(fā)出 NOTICE 通知,例如當(dāng)試圖寫入一個(gè)只讀文件資源時(shí)。

BCMath Arbitrary Precision Mathematics

BCMath functions will now warn if a non well-formed number is passed, such as "32foo". The argument will be interpreted as zero, as before.

CURL

Attempting to serialize a CURLFile class will now generate an exception. Previously the exception was only thrown on unserialization.

Using CURLPIPE_HTTP1 is deprecated, and is no longer supported as of cURL 7.62.0.

The $version parameter of curl_version() is deprecated. If any value not equal to the default CURLVERSION_NOW is passed, a warning is raised and the parameter is ignored.

Date and Time

Calling var_dump() or similar on a DateTime or DateTimeImmutable instance will no longer leave behind accessible properties on the object.

Comparison of DateInterval objects (using ==, <, and so on) will now generate a warning and always return false. Previously all DateInterval objects were considered equal, unless they had properties.

Intl

The default parameter value of idn_to_ascii() and idn_to_utf8() is now INTL_IDNA_VARIANT_UTS46 instead of the deprecated INTL_IDNA_VARIANT_2003.

MySQLi

The embedded server functionality has been removed. It was broken since at least PHP 7.0.

The undocumented mysqli::$stat property has been removed in favor of mysqli::stat().

OpenSSL

The openssl_random_pseudo_bytes() function will now throw an exception in error situations, similar to random_bytes(). In particular, an Error is thrown if the number of requested bytes is less than or equal to zero, and an Exception is thrown if sufficient randomness cannot be gathered. The $crypto_strong output argument is guaranteed to always be true if the function does not throw, so explicitly checking it is not necessary.

Regular Expressions (Perl-Compatible)

When PREG_UNMATCHED_AS_NULL mode is used, trailing unmatched capturing groups will now also be set to null (or [null, -1] if offset capture is enabled). This means that the size of the $matches will always be the same.

PHP Data Objects

Attempting to serialize a PDO or PDOStatement instance will now generate an Exception rather than a PDOException, consistent with other internal classes which do not support serialization.

Reflection

Reflection objects will now generate an exception if an attempt is made to serialize them. Serialization for reflection objects was never supported and resulted in corrupted reflection objects. It has been explicitly prohibited now.

Standard PHP Library (SPL)

Calling get_object_vars() on an ArrayObject instance will now always return the properties of the ArrayObject itself (or a subclass). Previously it returned the values of the wrapped array/object unless the ArrayObject::STD_PROP_LIST flag was specified.

Other affected operations are:

  • ReflectionObject::getProperties()
  • reset(), current(), etc. Use Iterator methods instead.
  • Potentially others working on object properties as a list.

(array) casts are not affected. They will continue to return either the wrapped array, or the ArrayObject properties, depending on whether the ArrayObject::STD_PROP_LIST flag is used.

SplPriorityQueue::setExtractFlags() will throw an exception if zero is passed. Previously this would generate a recoverable fatal error on the next extraction operation.

ArrayObject, ArrayIterator, SplDoublyLinkedList and SplObjectStorage now support the __serialize() and __unserialize() mechanism in addition to the Serializable interface. This means that serialization payloads created on older PHP versions can still be unserialized, but new payloads created by PHP 7.4 will not be understood by older versions.

Tokenizer

token_get_all() will now emit a T_BAD_CHARACTER token for unexpected characters instead of leaving behind holes in the token stream.

接收到的 Cookies

從 PHP 7.4.11 開(kāi)始,為了安全考慮,接受到的 Cookie 中的 names 參數(shù)不再被 URL 編碼。