New E_WARNING
and E_NOTICE
errors
have been introduced when invalid strings are coerced using operators
expecting numbers (+ -
* / **
% << >>
| & ^) or their
assignment equivalents. An E_NOTICE
is emitted when the
string begins with a numeric value but contains trailing non-numeric
characters, and an E_WARNING
is emitted when the string
does not contain a numeric value.
<?php
'1b' + 'something';
The above example will output:
Notice: A non well formed numeric value encountered in %s on line %d Warning: A non-numeric value encountered in %s on line %d
Previously, 3-octet octal string escape sequences would overflow silently.
Now, they will still overflow, but E_WARNING
will be
emitted.
<?php
var_dump("\500");
The above example will output:
Warning: Octal escape sequence overflow \500 is greater than \377 in %s on line %d string(1) "@"
Whilst $this is considered a special variable in PHP, it lacked proper checks to ensure it wasn't used as a variable name or reassigned. This has now been rectified to ensure that $this cannot be a user-defined variable, reassigned to a different value, or be globalised.
Session IDs will no longer be hashed upon generation. With this change brings about the removal of the following four ini settings:
session.entropy_file
session.entropy_length
session.hash_function
session.hash_bits_per_character
And the addition of the following two ini settings:
session.sid_length
- defines the length of the
session ID, defaulting to 32 characters for backwards compatibility)
session.sid_bits_per_character
- defines the number
of bits to be stored per character (i.e. increases the range of characters
that can be used in the session ID), defaulting to 4 for backwards
compatibility
precision
If the value is set to -1, then the dtoa mode 0 is used. The default value is still 14.
serialize_precision
If the value is set to -1, then the dtoa mode 0 is used. The value -1 is now used by default.
gd.jpeg_ignore_warning
The default of this php.ini setting has been changed to 1, so by default libjpeg warnings are ignored.
Session IDs will now only be generated with a CSPRNG.
NULL
is allowed
TypeError exceptions for arg_info type checks will
now provide more informative error messages. If the parameter type or return
type accepts NULL
(by either having a default value of NULL
or being a
nullable type), then the error message will now mention this with a message
of "must be ... or null" or "must ... or be null."