Joined: 15 Oct 2002
Location: NW England, UK
|Posted: Thu Apr 11, 2013 2:43 pm Post subject: PHP 5.4 - the ultimate nightmare upgrade...!?
|Little word of advice to anyone reading - if you're thinking about upgrading to PHP 5.4 and you've got more than about 10 lines of code running....book yourself into a psych clinic beforehand as you will need it...!
It turns out the folks at PHP HQ decided to be a little devious with this one and make various apparent subtle changes which will cause headaches around the world and give developers grey hairs very quickly. The avatar on the left is also very appropriate.
A couple of seemingly little changes which cause major probs:
- htmlspecialchars() switched from ISO-8859-1 as its default to UTF-8.
No problem there you'd think, except UTF-8 at least in PHP terms is incompatible with pretty much every character on the planet! So what happens when you put an innocent char like "You’re" instead of "You're" through this (fancy apostrophe from Word)?
Everything you put into the function disappears without a trace. Why it does this is anyones guess as its only meant to act on a small number of characters like > < & and quotes, so should be totally capable of ignoring anything else.
Found this out because Wordpress uses it in the admin, but with PHP 5.4 your Wordpress post edit area is blank if there's a single character that UTF-8 doesn't like....you can imagine the hair pulling that one causes and the hours of tracing code.
There are a couple of switches that can be used, although one has security problems so realistically you can only ENT_SUBSTITUTE which makes your text very very odd looking, eg: You’ll -> Youï¿½ll
- Combined functions used to be commonplace in PHP where you could do:
|$output = function1( function2( $input ) ); |
...instead of writing back to memory with function 1, then reading it back out with function 2 etc. High speed efficient programming. Suddenly however, a lot of this isn't allowed especially with internal functions, eg:
|$b = array_pop( array("a","b","c") ); |
Previously this was allowed, but it can now cause errors as apparently the array() needs to write its value into a variable which is then passed into array_pop(). Until 5.4 PHP simply created the variable in its head and let you get on with things but now code like this can cause fatal errors depending on the exact function.
SInce most people tend to write in this slightly shorthand way, imagine how many scripts this one is going to break.
- Randomly introduced settings such as 'max_input_vars' which appeared in PHP from 5.4. This is an extra setting which essentially says there can be a max of X items posted from a form.
In theory a good idea, but as this is buried as a little note without any real explanation in the changelog, it can break large forms. For example, we've got an internal one with a lot of inputs and suddenly it stops working. No warning as to why which would have been nice, just form input is blank.
Many many others: These are just 3 of the many changes they've made in 5.4 without anything more than a footnote in the changelog, or consideration for the fact that it will very likely break stuff. The concentrated functions is going to be a special bugbear as an awful lot of code is written as compact as possible for speed....lots of grey hairs!
So if you're considering upgrading, make sure you read the changelog very carefully as there are a lot more got-ya's in there than those mentioned above.
Mad Theories - Ambleside - Coniston - Grange