PHP Core Roundup #17
Published on October 3, 2023 by Roman Pronskiy
Welcome back to PHP Core Roundup series! This is where we highlight and celebrate the improvements made to PHP during the month past by the PHP development team, members of the PHP Foundation, and more.
PHP Security Audit organized by The PHP Foundation π
The PHP Foundation intends to conduct a security audit of the PHP source code. Derick Rethans π has asked the PHP Internals mailing list for input on which sections of the PHP source code should be prioritised in this audit. Feel free to join the conversation if you have suggestions.
Releases
The PHP development team released two new versions in September 2023:
PHP 8.2.11 and PHP 8.1.24
These releases include several bug fixes and improvements, notably in areas such as Core, DOM, Iconv, Intl, MySQLnd, ODBC, SimpleXML, SPL, and SQLite3.
Recent RFCs and Mailing List Discussions
Hundreds of awesome PHP contributors put their efforts into improvements to the PHP code base, documentation, and the php.net website. Here is a summary of some changes made by the people behind PHP. Things marked with π are done by the PHP Foundation team.
PHP 8.3 Release Page
A pull-request for the upcoming PHP 8.3 release page on php.net is in progress, and you can help with that!
This is a continuation of a good tradition started by Roman Pronskiy, Alexander Makarov, and the JetBrains design team.
Early-developments for PHP 8.4
Although PHP 8.3 is still being ironed out, there are some discussions and even an RFC currently being voted for proposed changes in PHP 8.4 (scheduled for the end of 2024).
Declined: Support optional suffix parameter in tempnam by Athos Ribeiro
RFC proposes to add a new optional suffix parameter to the tempnam() function.
A suffix could provide even more semantic value or context for a user inspecting the generated files, and, in specific situations, could even provide more context for software processing such files. Right now, users can only add a prefix.
In Voting: Increasing the default BCrypt cost by Tim DΓΌsterhus
The RFC proposes increasing the default BCrypt cost. This is to enhance adaptive security in relation to increased processing power and thus increased possible cracking speed.
The last time the value was updated 11 years ago. Therefore, Tim suggests updating the default cost from 10 to either 11 (double the time) or 12 (quadruple the time). The RFC and the relevant mailing list thread mention several benchmarks showing the execution time for various cost levels on different CPUs.
Under Discussion: DOM HTML5 parsing and serialization by Niels Dossche
RFC proposes to add two new classes: DOM\HTMLDocument and DOM\XMLDocument to the dom extension. Furthermore, existing dom classes in the global namespace get an alias in the new DOM namespace. The HTMLDocument class will add support for HTML5 document parsing and serializing. The XMLDocument class serves as a modern alternative to \DOMDocument, which is retained for compatibility. These new classes also provide a more misuse-resistant API for loading documents.
Under Discussion: XML_OPTION_PARSE_HUGE by Niels Dossche
RFC proposes to add a new option to the event-driven (SAX) XmlParser that would allow it to parse large documents.
Under Discussion: Add 4 new rounding modes to round() function by Jorg Sowa
RFC proposes to add four new modes to the round() function: PHP_ROUND_CEILING, PHP_ROUND_FLOOR, PHP_ROUND_AWAY_FROM_ZERO, PHP_ROUND_TOWARD_ZERO.
Under Discussion: A new JIT implementation based on IR Framework by Dmitry Stogov
RFC proposes a new JIT implementation that is based on a separately developed IR Framework. The main advantage of the new approach is that PHP source code will be freed from the low-level details of JIT compilation. The downside is a longer JIT-compilation time.
Dmitry emailed PHP Internals mailing list, which led to a lengthy discussion on the merits of the new JIT implementation.
Draft: Deprecations for PHP 8.4 RFC by Niels Dossche
RFC is currently in draft, which stands to track ideas on deprecating certain features. So far those are related to the DOMAttr::$schemaTypeInfo, DOMElement::$schemaTypeInfo properties, DOMImplementation::getFeature(), mysqli_ping(), mysqli::ping() functions, and DOM_PHP_ERR constant.
Documentation
While PHP 8.3 has moved to the RC cycle, the documentation available on php.net, requires updating. An initial version of the PHP 8.3 migration guide has been published by Yoshinari Takaoka.
George P. Banyard π is tracking the progress for PHP 8.3 related changes in php/doc-en#2796, and also triaged issues in the docs and marked several of them as "good first time", which are ideal easy picks if you would like to start contributing to PHP docs. You can find the full list on GitHub.
Merged PRs and Commits
Following are some changes that did not go through an RFC process because they are either planned, bug fixes, or progressive enhancements.
Full list of commits since PHP Core Roundup #16. Commits are in the order they were added, grouped by author in alphabetical order.
Full list of commits since PHP Core Roundup #16. Commits are in the order they were added, grouped by author in alphabetical order.
A big thanks to all our sponsors β PHP Foundation is all of us!
ποΈ π
ποΈΒ Β 1