You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Loosely comparing uncomparable objects (e.g. enums, \CurlHandle and other internal classes) to booleans was previously inconsistent. If compared to a boolean literal $object == true, it would behave the same way as (bool) $object. If compared to a statically unknown value $object == $true, it would always return false. This behavior was consolidated to always follow the behavior of (bool) $object.
Errors emitted during compilation and class linking are now always delayed and handled after compilation or class linking. Fatal errors emitted during compilation or class linking cause any delayed errors to be handled immediately, without calling user-defined error handlers.
Exceptions thrown by user-defined error handlers when handling class linking errors are not promoted to fatal errors anymore and do not prevent linking.
Applying #[\Attribute] to an abstract class, enum, interface, or trait triggers an error during compilation. Previously, the attribute could be added, but when ReflectionAttribute::newInstance() was called an error would be thrown. The error can be delayed from compilation to runtime using the new #[\DelayedTargetValidation] attribute.
Trying to produce output (e.g. with echo) within a user output handler is deprecated. The deprecation warning will bypass the handler producing the output to ensure it is visible; if there are nested output handlers the next one will still be used. If a user output handler returns a non-string and produces output, the warning about producing an output is emitted first. RFC: https://wiki.php.net/rfc/deprecations_php_8_4
Added startup-only max_memory_limit INI setting to control the maximum memory_limit that may be configured at startup or runtime. Exceeding this value emits a warning, unless set to -1, and sets memory_limit to the current max_memory_limit instead. ML discussion: https://externals.io/message/127108
New classes ✅
Details
- [x] `NoDiscard` attribute was added. RFC: https://wiki.php.net/rfc/marking_return_value_as_important #5041
- [x] `DelayedTargetValidation` attribute was added. RFC: https://wiki.php.net/rfc/delayedtargetvalidation_attribute (#5457)
The clone language construct is now a function and supports reassigning (readonly) properties during cloning via the new $withProperties parameter. RFC: https://wiki.php.net/rfc/clone_with_v2
Other changes
The high resolution timer (hrtime()) on macOS now uses the recommended clock_gettime_nsec_np(CLOCK_UPTIME_RAW) API instead of mach_absolute_time().
New warnings and exceptions
BZ2
bzcompress() now throws a ValueError when $block_size is not between 1 and 9.
bzcompress() now throws a ValueError when $work_factor is not between 0 and 250.
FileInfo:
finfo_file() and finfo::file() now throws a ValueError instead of a TypeError when $filename contains nul bytes. This aligns the type of Error thrown to be consistent with the rest of the language.
Intl
IntlDateFormatter::setTimeZone()/datefmt_set_timezone() throws an IntlException on uninitialised classes/clone failures.
Locale:: methods throw a ValueError when locale inputs contain null bytes.
LDAP:
ldap_get_option() and ldap_set_option() now throw a ValueError when passing an invalid option.
MySQLi:
Calling the mysqli constructor on an already-constructed object is now no longer possible and throws an Error.
PCNTL:
pcntl_exec() now throws ValueErrors when entries of the $args parameter contain null bytes.
pcntl_exec() now throws ValueErrors when entries or keys of the $env_vars parameter contain null bytes.
PDO
Attempting to call PDOStatement::setFetchMode during a call to PDO::fetch(), PDO::fetchObject(), PDO::fetchAll(), for example using tricks such as passing the statement object as a constructor argument when fetching into an object, will now throw an Error.
A ValueError is now thrown if PDO::FETCH_PROPS_LATE is used with a fetch mode different than PDO::FETCH_CLASS, consistent with other fetch flags.
A ValueError is now thrown if PDO::FETCH_INTO is used as a fetch mode in PDO::fetchAll(), similar to PDO::FETCH_LAZY.
PDO_FIREBIRD
A ValueError is now thrown when trying to set a cursor name that is too long on a PDOStatement resulting from the Firebird driver.
PDO_SQLITE:
SQLite PDO::quote() will now throw an exception or emit a warning, depending on the error mode, if the string contains a null byte.
PDO::sqliteCreateCollation will now throw an exception if the callback has the wrong return type, making it more in line with Pdo_Sqlite::createCollation behavior.
posix_kill throws a ValueError when the process_id argument is lower or greater than what supports the platform (signed integer or long range), posix_setpgid throws a ValueError when the process_id or the process_group_id is lower than zero or greater than what supports the platform. POSIX: add changelog entries for PHP 8.5 changes #5534
Attempting to write session data where $_SESSION has a key containing the pipe character will now emit a warning instead of silently failing.
session_start is stricter in regard to the option argument. It throws a ValueError if the whole is not a hashmap or a TypeError if read_and_close value is not a valid type compatible with int.
SimpleXML
Passing an XPath expression that returns something other than a node set to SimpleXMLElement::xpath() will now emit a warning and return false, instead of silently failing and returning an empty array.
SNMP✅
Details
snmpget, snmpset, snmp_get2, snmp_set2, snmp_get3, snmp_set3 and SNMP::__construct() throw a ValueError when the hostname is too large, contains any null byte or if the port is given when negative or greater than 65535, timeout and retries values are lower than -1 or too large. SNMP: add changelog for PHP 8.5 ValueError validation #5533
Sockets ✅
Details
socket_create_listen, socket_bind and socket_sendto throw a ValueError if the port is lower than 0 or greater than 65535, and also if any of the hints array entries are indexed numerically. Sockets: add changelog entries for PHP 8.5 changes #5535
tidy::__construct/parseFile/parseString now throws a ValueError if the configuration contains an invalid or set a read-only internal entry, a TypeError contains, at least, one element when the key is not a string.
New extensions
Lexbor
An always enabled lexbor extension is added. It contains the lexbor library that was separated from ext/dom for being reused among other extensions. The new extension is not directly exposed to userland.
URI ✅
Details
- [x] An always enabled uri extension is added that can be used for handling URIs and URLs according to RFC 3986 and WHATWG URL. RFC: https://wiki.php.net/rfc/url_parsing_api
- [x] New classes (#5392)
- [x] `Uri\UriException` (#5466)
- [x] `Uri\InvalidUriException` (#5466)
- [x] `Uri\UriComparisonMode` (#5476)
- [x] `Uri\Rfc3986\Uri` (#5392)
- [x] `Uri\WhatWg\InvalidUrlException` (#5466)
- [x] `Uri\WhatWg\UrlValidationErrorType` (#5474)
- [x] `Uri\WhatWg\UrlValidationError` (#5472)
- [x] `Uri\WhatWg\Url` (#5392)
SAPI changes
CLI ✅
Details
- [x] Trying to set a process title that is too long with `cli_set_process_title()` will now fail instead of silently truncating the given title. (#5077)
- [x] Added a new `--ini=diff` option to print INI settings changed from the builtin default. (#5077)
CLI/CGI ✅
Details
- [x] The `-z` or `--zend-extension` option has been removed as it was non-functional. Use `-d zend_extension=` instead. (#5077)
FPM
FPM with httpd ProxyPass decodes the full script path. Added fastcgi.script_path_encoded INI setting to prevent this new behavior.
FPM access log limit now respects log_limit value.
curl_multi_get_handles() allows retrieving all CurlHandles current attached to a CurlMultiHandle. This includes both handles added using curl_multi_add_handle() and handles accepted by CURLMOPT_PUSHFUNCTION.
curl_easy_setopt with CURLOPT_FOLLOWLOCATION option's value no longer is treated as boolean but integer to handle CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY.
Added support for CURLINFO_USED_PROXY (libcurl >= 8.7.0), CURLINFO_HTTPAUTH_USED, and CURLINFO_PROXYAUTH_USED (libcurl >= 8.12.0) to the curl_getinfo() function. When curl_getinfo() returns an array, the same information is available as "used_proxy", "httpauth_used", and "proxyauth_used" keys. CURLINFO_USED_PROXY gets zero set if no proxy was used in the previous transfer or a non-zero value if a proxy was used. CURLINFO_HTTPAUTH_USED and CURLINFO_PROXYAUTH_USED get bitmasks indicating the HTTP and proxy authentication methods that were used in the previous request. See CURLAUTH_* constants for possible values.
Added CURLOPT_INFILESIZE_LARGE Curl option, which is a safe replacement for CURLOPT_INFILESIZE. On certain systems, CURLOPT_INFILESIZE only accepts a 32-bit signed integer as the file size (2.0 GiB) even on 64-bit systems. CURLOPT_INFILESIZE_LARGE accepts the largest integer value the system can handle.
Added CURLFOLLOW_OBEYCODE, CURLFOLLOW_FIRSTONLY and CURLFOLLOW_ALL values for CURLOPT_FOLLOWLOCATIONcurl_easy_setopt option. CURLFOLLOW_OBEYCODE to follow more strictly in regard to redirect if they are allowed. CURLFOLLOW_FIRSTONLY to follow only the first redirect thus if there is any follow up redirect, it won't go any further. CURLFOLLOW_ALL is equivalent to setting CURLOPT_FOLLOWLOCATION to true.
Added support for CURLINFO_CONN_ID (libcurl >= 8.2.0) to the curl_getinfo() function. This constant allows retrieving the unique ID of the connection used by a cURL transfer. It is primarily useful when connection reuse or connection pooling logic is needed in PHP-level applications. When curl_getinfo() returns an array, this value is available as the "conn_id" key.
Added support for CURLINFO_QUEUE_TIME_T (libcurl >= 8.6.0) to the curl_getinfo() function. This constant allows retrieving the time (in microseconds) that the request spent in libcurl’s connection queue before it was sent. This value can also be retrieved by passing CURLINFO_QUEUE_TIME_T to the curl_getinfo() $option parameter.
Added support for CURLOPT_SSL_SIGNATURE_ALGORITHMS to specify the signature algorithms to use for TLS.
Cloning a DOMNamedNodeMap, DOMNodeList, Dom\NamedNodeMap, Dom\NodeList, Dom\HTMLCollection, and Dom\DtdNamedNodeMap now fails. This never actually resulted in a working object, so the impact should actually be zero.
New functions
Added Dom\Element::getElementsByClassName().
Added Dom\Element::insertAdjacentHTML().
Other changes
Added Dom\Element::$outerHTML.
Added $children property to Dom\ParentNode implementations.
Enchant
New functions
Added enchant_dict_remove_from_session() to remove a word added to the spellcheck session via enchant_dict_add_to_session().
Added enchant_dict_remove() to put a word on the exclusion list and remove it from the session dictionary.
The behaviour of Collator::SORT_REGULAR with respect to handling numeric strings is now aligned with the behaviour of SORT_REGULAR in ext/standard. This is a consequence of fixing bug [intl] Weird numeric sort in Collator php-src#18566.
Added IntlListFormatter class to format, order, and punctuate a list of items with a given locale, IntlListFormatter::TYPE_AND, IntlListFormatter::TYPE_OR, IntlListFormatter::TYPE_UNITS operands and IntlListFormatter::WIDTH_WIDE, IntlListFormatter::WIDTH_SHORT and IntlListFormatter::WIDTH_NARROW widths. It is supported from icu 67.
New functions
Added locale_is_right_to_left/Locale::isRightToLeft, returns true if the locale is written right to left (after its enrichment with likely subtags). (Document Locale::isRightToLeft (PHP 8.5) #5055 for Locale::isRightToLeft)
Added Locale::addLikelySubtags and Locale::minimizeSubtags to handle likely tags on a given locale.
New class constants
Added class constants NumberFormatter::CURRENCY_ISO, NumberFormatter::CURRENCY_PLURAL, NumberFormatter::CASH_CURRENCY, and NumberFormatter::CURRENCY_STANDARD for various currency-related number formats.
New global constants
DECIMAL_COMPACT_SHORT.
DECIMAL_COMPACT_LONG.
Other changes
grapheme_extract() properly assigns $next value when skipping over invalid starting bytes. Previously there were cases where it would point to the start of the grapheme boundary instead of the end.
transliterator_get_error_code(), transliterator_get_error_message()TransLiterator::getErrorCode(), and TransLiterator::getErrorMessage() have dropped the false from the return type union. Returning false was actually never possible.
Intl's internal error mechanism has been modernized so that it indicates more accurately which call site caused what error. Moreover, some ext/date exceptions have been wrapped inside a IntlException now.
ODBC now assumes that at least ODBC 3.5 functionality is available. The ODBCVER definition and build system flags to control it have been removed.
ODBC no longer has build flags to build against specific drivers (except for DB2) and removes special cases for those drivers. It is strongly recommended to use a driver manager like iODBC or unixODBC on non-Windows.
Opcache
BC breaks
The Opcache extension is now always built into the PHP binary and is always loaded. The INI directives opcache.enable and opcache.enable_cli are still honored. The --enable-opcache/--disable-opcache configure flags have been removed, and the build does not produce opcache.so or php_opcache.dll objects anymore. Using zend_extension=opcache.so or zend_extension=php_opcache.dll INI directives will emit a warning.
INI changes
Added opcache.file_cache_read_only to support a read-only opcache.file_cache directory, for use with read-only file systems (e.g. read-only Docker containers). Best used with opcache.validate_timestamps=0, opcache.enable_file_override=1, and opcache.file_cache_consistency_checks=0. Note: A cache generated with a different build of PHP, a different file path, or different settings (including which extensions are loaded), may be ignored.
The default value of opcache.jit_hot_loop is now 61 (a prime) to prevent it from being a multiple of loop iteration counts. It is recommended that this parameter is set to a prime number. Update opcache.jit_hot_loop #4685
Changing opcache.memory_consumption when OPcache SHM is already set up will now correctly report a failure instead of silently doing nothing and showing misleading values in PHPInfo.
New functions
Added opcache_is_script_cached_in_file_cache().
Other changes
The Opcache extension is now always built into the PHP binary and is always loaded. The INI directives opcache.enable and opcache.enable_cli are still honored.
Added openssl.libctx to select the OpenSSL library context type. Either custom libctx for each thread can be used or a single global (default) libctx is used. Document openssl.libctx INI #5033
New global constants
OPENSSL_PKCS1_PSS_PADDING
PKCS7_NOSMIMECAP
PKCS7_CRLFEOL
PKCS7_NOCRL
PKCS7_NO_DUAL_CONTENT
Other changes
openssl_public_encrypt() and openssl_private_decrypt() have new parameter $digest_algo that allows specifying hash digest algorithm for OEAP padding.
openssl_sign() and openssl_verify() have new parameter $padding to allow using more secure RSA PSS padding.
openssl_cms_encrypt()$cipher_algo parameter can be a string with the cipher name. That allows to use more algorithms including AES GCM cipher algorithms for auth enveloped data.
PCNTL
Other changes
pcntl_exec() now has a formal return type of false.
pcntl_waitid() takes an additional resource_usage argument to gather various platform specific metrics about the child process.
The constructor arguments set in conjunction with PDO::FETCH_CLASS now follow the usual CUFA (call_user_func_array) semantics. This means string keys will act like a named argument. Moreover, automatic wrapping for by-value arguments passed to a by-ref parameter has been removed, and the usual E_WARNING about this is now emitted. To pass a variable by-ref to a constructor argument use the general array value reference assignment: $ctor_args = [&$valByRef]
The value of the constants PDO::FETCH_GROUP, PDO::FETCH_UNIQUE, PDO::FETCH_CLASSTYPE, PDO::FETCH_PROPS_LATE, and PDO::FETCH_SERIALIZE have changed.
Constants related to transaction states have been deprecated: PDO::PGSQL_TRANSACTION_IDLE, PDO::PGSQL_TRANSACTION_ACTIVE, PDO::PGSQL_TRANSACTION_INTRANS, PDO::PGSQL_TRANSACTION_INERROR, PDO::PGSQL_TRANSACTION_UNKNOWN. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#extpdo_deprecations
Other changes
PDO::pgsqlCopyFromArray also supports inputs as Iterable.
Pdo\Pgsql::setAttribute and Pdo\Pgsql::prepare supports PDO::ATTR_PREFETCH sets to 0 which set to lazy fetch mode. In this mode, statements cannot be run in parallel.
PDO_SQLite
New functions
Added support for Pdo\Sqlite::setAuthorizer(), which is the equivalent of SQLite3::setAuthorizer(). The only interface difference is that the pdo version returns void.
New class constants
Added class constant Pdo_Sqlite::ATTR_BUSY_STATEMENT.
Added class constants Pdo_Sqlite::ATTR_EXPLAIN_STATEMENT, Pdo_Sqlite::EXPLAIN_MODE_PREPARED, Pdo_Sqlite::EXPLAIN_MODE_EXPLAIN, Pdo_Sqlite::EXPLAIN_MODE_EXPLAIN_QUERY_PLAN.
Other changes
Increased minimum release version support from 3.7.7 to 3.7.17.
Added PDO\Sqlite::ATTR_TRANSACTION_MODE connection attribute with possible values PDO\Sqlite::TRANSACTION_MODE_DEFERRED, PDO\Sqlite::TRANSACTION_MODE_IMMEDIATE, and PDO\Sqlite::TRANSACTION_MODE_EXCLUSIVE, allowing to configure the transaction mode to use when calling beginTransaction().
PGSQL
New functions
pg_close_stmt offers an alternative way to close a prepared statement from the DEALLOCATE sql command in that we can reuse its name afterwards.
pg_service returns the ongoing service name of the connection.
Other changes
pg_copy_from also supports inputs as Iterable.
pg_connect checks if the connection_string argument contains any null byte.
pg_close_stmt checks if the statement_name argument contains any null byte.
The return types of readline_add_history(), readline_clear_history(), and readline_callback_handler_install() have been changed to true, rather than bool.
ReflectionProperty::getMangledName() was introduced.
Other changes
The output of ReflectionClass::__toString() for enums has changed to better indicate that the class is an enum, and that the enum cases are enum cases rather than normal class constants.
The output of ReflectionProperty::__toString() for properties with hooks has changed to indicate what hooks the property has, whether those hooks are final, and whether the property is virtual. This also affects the output of ReflectionClass::__toString() when a class contains hooked properties.
ReflectionAttribute::newInstance() can now throw errors for internal attributes if the attribute was applied on an invalid target and the error was delayed from compile-time to runtime via the #[\DelayedTargetValidation] attribute. RFC: https://wiki.php.net/rfc/delayedtargetvalidation_attribute
ReflectionConstant is no longer final.
Session
Other changes
session_set_cookie_params(), session_get_cookie_params(), and session_start() now support partitioned cookies via the "partitioned" key. RFC: https://wiki.php.net/rfc/CHIPS
SOAP
Other changes
Enumeration cases are now dumped in __getTypes().
Implemented request #61105: support for Soap 1.2 Reason Text xml:lang attribute. The signature of SoapFault::__construct() and SoapServer::fault() therefore now have an optional $lang parameter. This support solves compatibility with .NET SOAP clients.
mail() now returns the actual sendmail error and detects if the sendmail process was terminated unexpectedly. In such cases, a warning is emitted and the function returns false. Previously, these errors were silently ignored. This change affects only the sendmail transport.
getimagesize() now supports HEIF/HEIC images.
getimagesize() now supports SVG images when ext-libxml is also loaded. Similarly, image_type_to_extension() and image_type_to_mime_type() now also handle IMAGETYPE_SVG.
The array returned by getimagesize() now has two additional entries: "width_unit" and "height_unit" to indicate in which units the dimensions are expressed. These units are px by default. They are not necessarily the same (just to give one example: one may be cm and the other may be px).
The $namespace argument of XSLTProcessor::getParameter(), XSLTProcessor::setParameter() and XSLTProcessor::removeParameter() now actually works instead of being treated as empty. This only works if the $name argument does not use Clark notation and is not a QName because in those cases the namespace is taken from the namespace href or prefix respectively.
Zlib
Other changes
The "use_include_path" argument for the gzfile, gzopen and readgzfile functions had been changed from int to boolean.
gzfile, gzopen and readgzfile functions now respect the default stream context.
flock() is now supported on zlib streams. Previously, this always failed to perform any locking action.
Windows Support
The configuration variables PHP_VERSION, PHP_MINOR_VERSION, and PHP_RELEASE_VERSION are now always numbers. Previously, they have been strings for buildconf builds.
phpize builds now reflect the source tree in the build dir (like that already worked for in-tree builds); some extension builds (especially when using Makefile.frag.w32) may need adjustments.
--enable-sanitizer is now supported for MSVC builds. This enables ASan and debug assertions, and is supported as of MSVC 16.10 and Windows 10.
The --with-uncritical-warn-choke configuration option for clang builds is no longer supported. Select warnings to suppress via CFLAGS instead.
COM:
The extension is now build shared by default; previously it defaulted to a static extension, although the official Windows binaries built a shared extension.
FFI:
It is no longer necessary to specify the library when using FFI::cdef() and FFI::load(). However, this convenience feature should not be used in production.
Streams:
If only pipe streams are contained in the $read array, and the $write and $except arrays are empty, stream_select() now behaves similar to POSIX systems, i.e. the function only returns if at least one pipe is ready to be read, or after the timeout expires. Previously, stream_select() returned immediately, reporting all streams as ready to read.
Pages which need to be added/modified for complete documentation of PHP 8.5:
Note
This issue is still a Work In Progress
Important
Priority should be given to documenting Core language and ext/standard behavioral changes
Migration Guide
Core
Backward Incompatible Changes
class_alias(). Add reserved words restrictions for class-alias in PHP 8.5 #5059\CurlHandleand other internal classes) to booleans was previously inconsistent. If compared to a boolean literal$object == true, it would behave the same way as(bool) $object. If compared to a statically unknown value$object == $true, it would always returnfalse. This behavior was consolidated to always follow the behavior of(bool) $object.gc_collect_cycles()no longer includes strings and resources that were indirectly collected through cycles. (gc_collect_cycles(): add changelog for PHP 8.5 #5528)staticwithselfor the concrete class name infinalsubclasses.register_tick_functionin destructor php-src#18033.ReflectionClass::getPropertywith trait and inheritance php-src#15753 and Collision of interface constant and trait constant should not produce fatal error php-src#16198.#[\Attribute]to an abstract class, enum, interface, or trait triggers an error during compilation. Previously, the attribute could be added, but whenReflectionAttribute::newInstance()was called an error would be thrown. The error can be delayed from compilation to runtime using the new#[\DelayedTargetValidation]attribute.disable_classesINI setting has been removed as it causes various engine assumptions to be broken. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#remove_disable_classes_ini_setting (Document PHP 8.5.0 ini directive deprecations and removals #5419)[]orlist()now emits a warning. RFC: https://wiki.php.net/rfc/warnings-php-8-5#destructuring_non-array_valuesDeprecations
Returning a non-string from a user output handler is deprecated. The deprecation warning will bypass the handler with the bad return to ensure it is visible; if there are nested output handlers the next one will still be used. RFC: https://wiki.php.net/rfc/deprecations_php_8_4Reverted, Revert "Deprecate returning non-string values from a user output handler (#18932)" php-src#20455echo) within a user output handler is deprecated. The deprecation warning will bypass the handler producing the output to ensure it is visible; if there are nested output handlers the next one will still be used.If a user output handler returns a non-string and produces output, the warning about producing an output is emitted first.RFC: https://wiki.php.net/rfc/deprecations_php_8_4(boolean),(integer),(double), and(binary)have been deprecated, use(bool),(int),(float), and(string)respectively. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_non-standard_cast_names PHP 8.5 deprecated non-canonical cast names #5016$exclude_disabledparameter of theget_defined_functions()function has been deprecated, as it no longer has any effect since PHP 8.0. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_the_exclude_disabled_parameter_of_get_defined_functions - Note deprecated get_defined_functions argument. #4893shell_exec()has been deprecated. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_backticks_as_an_alias_for_shell_exec Add changelog entry for deprecation of backtick operator in PHP 8.5.0 #5017__debugInfo()has been deprecated. Return an empty array instead. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_debuginfo_returning_nullreport_memleaksINI directive has been deprecated. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_the_report_memleaks_ini_directive (Document PHP 8.5.0 ini directive deprecations and removals #5419)str_increment()function should be used. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#enact_follow-up_phase_of_the_path_to_saner_incrementdecrement_operators_rfcE_WARNING, are now deprecated:$thisfrom a method$thisfrom a closure that uses$thisRFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_closure_binding_issues
nullas an array offset or when callingarray_key_exists()is now deprecated. Instead an empty string should be used. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_using_values_null_as_an_array_offset_and_when_calling_array_key_exists (Update array-key-exists.xml with deprecation notice #5063 for array_key_exists) (array offset still needed, update language.types.array.php)$_SERVER['argc']and$_SERVER['argv']from the query string for non-CLI SAPIs has been deprecated. Configureregister_argc_argv=0and switch to either$_GETor$_SERVER['QUERY_STRING']to access the information, after verifying that the usage is safe. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_the_register_argc_argv_ini_directive (Document PHP 8.5.0 ini directive deprecations and removals #5419)__sleep()and__wakeup()magic methods have been deprecated. The__serialize()and__unserialize()magic methods should be used instead, or at the same time if compatibility with PHP 7 is required. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_the_sleep_and_wakeup_magic_methodsINI changes
fatal_error_backtracesto control whether fatal errors should include a backtrace. RFC: https://wiki.php.net/rfc/error_backtraces_v2 (ini.fatal-error-backtraces #5452)max_memory_limitINI setting to control the maximummemory_limitthat may be configured at startup or runtime. Exceeding this value emits a warning, unless set to-1, and setsmemory_limitto the currentmax_memory_limitinstead. ML discussion: https://externals.io/message/127108New classes ✅
Details
- [x] `NoDiscard` attribute was added. RFC: https://wiki.php.net/rfc/marking_return_value_as_important #5041 - [x] `DelayedTargetValidation` attribute was added. RFC: https://wiki.php.net/rfc/delayedtargetvalidation_attribute (#5457)New functions ✅
Details
get_error_handler()allows retrieving the current user-defined error handler function. RFC: https://wiki.php.net/rfc/get-error-exception-handler Document get_error_handler(), get_exception_handler() #4567get_exception_handler()allows retrieving the current user-defined exception handler function. RFC: https://wiki.php.net/rfc/get-error-exception-handler Document get_error_handler(), get_exception_handler() #4567Closure::getCurrent()to receive currently executing closure. d74f357New global constants ✅
Details
PHP_BUILD_DATE. Add PHP_BUILD_DATE and PHP_BUILD_PROVIDER constants #5058PHP_BUILD_PROVIDER. Add PHP_BUILD_DATE and PHP_BUILD_PROVIDER constants #5058New features
Closureis now a proper subtype ofcallableClosuresand first class callables in constant expressions. RFC: https://wiki.php.net/rfc/closures_in_const_expr RFC: https://wiki.php.net/rfc/fcc_in_const_expr#[\NoDiscard]attribute to indicate that a function's return value is important and should be consumed. RFC: https://wiki.php.net/rfc/marking_return_value_as_important Add NoDiscard attribute #5041(void)cast to indicate that not using a value is intentional. The(void)cast has no effect on the program's execution by itself, but it can be used to suppress warnings emitted by#[\NoDiscard]and possibly also diagnostics emitted by external IDEs or static analysis tools. RFC: https://wiki.php.net/rfc/marking_return_value_as_important (Add (void) casting syntax for PHP 8.5 #5546)#[\Deprecated]attribute can now be used on constants. RFC: https://wiki.php.net/rfc/attributes-on-constants|>) operator. RFC: https://wiki.php.net/rfc/pipe-operator-v3 (Document the pipe operator. #4890)#[\Override]can now be applied to properties. RFC: https://wiki.php.net/rfc/override_properties Override: document usage with properties (PHP 8.5) #4821#[\DelayedTargetValidation]attribute can be used to suppress compile-time errors from core (or extension) attributes that are used on invalid targets. These errors are instead reported at runtime if and whenReflectionAttribute::newInstance()is called. RFC: https://wiki.php.net/rfc/delayedtargetvalidation_attribute (Document DelayedTargetValidation attribute (PHP 8.5) #5457)clonelanguage construct is now a function and supports reassigning (readonly) properties during cloning via the new$withPropertiesparameter. RFC: https://wiki.php.net/rfc/clone_with_v2Other changes
hrtime()) on macOS now uses the recommendedclock_gettime_nsec_np(CLOCK_UPTIME_RAW)API instead ofmach_absolute_time().New warnings and exceptions
BZ2
bzcompress()now throws aValueErrorwhen$block_sizeis not between 1 and 9.bzcompress()now throws aValueErrorwhen$work_factoris not between 0 and 250.FileInfo:
finfo_file()andfinfo::file()now throws aValueErrorinstead of aTypeErrorwhen$filenamecontains nul bytes. This aligns the type ofErrorthrown to be consistent with the rest of the language.Intl
IntlDateFormatter::setTimeZone()/datefmt_set_timezone()throws anIntlExceptionon uninitialised classes/clone failures.Locale::methods throw aValueErrorwhen locale inputs contain null bytes.LDAP:
ldap_get_option()andldap_set_option()now throw aValueErrorwhen passing an invalid option.MySQLi:
Error.PCNTL:
pcntl_exec()now throwsValueErrors when entries of the$argsparameter contain null bytes.pcntl_exec()now throwsValueErrors when entries or keys of the$env_varsparameter contain null bytes.PDO
PDOStatement::setFetchModeduring a call toPDO::fetch(),PDO::fetchObject(),PDO::fetchAll(), for example using tricks such as passing the statement object as a constructor argument when fetching into an object, will now throw anError.ValueErroris now thrown ifPDO::FETCH_PROPS_LATEis used with a fetch mode different thanPDO::FETCH_CLASS, consistent with other fetch flags.ValueErroris now thrown ifPDO::FETCH_INTOis used as a fetch mode inPDO::fetchAll(), similar toPDO::FETCH_LAZY.PDO_FIREBIRD
ValueErroris now thrown when trying to set a cursor name that is too long on a PDOStatement resulting from the Firebird driver.PDO_SQLITE:
PDO::quote()will now throw an exception or emit a warning, depending on the error mode, if the string contains a null byte.PDO::sqliteCreateCollationwill now throw an exception if the callback has the wrong return type, making it more in line withPdo_Sqlite::createCollationbehavior.POSIX ✅
Details
posix_isattyraises anE_WARNINGmessage when encountering an invalid file descriptor. POSIX: add changelog entries for PHP 8.5 changes #5534posix_fpathconfchecks invalid file descriptors and sets last_error to EBADF and raises anE_WARNINGmessage. POSIX: add changelog entries for PHP 8.5 changes #5534posix_killthrows aValueErrorwhen the process_id argument is lower or greater than what supports the platform (signed integer or long range),posix_setpgidthrows aValueErrorwhen the process_id or the process_group_id is lower than zero or greater than what supports the platform. POSIX: add changelog entries for PHP 8.5 changes #5534posix_setrlimitthrows aValueErrorwhen the hard_limit of soft_limit argument are lower than -1 or if soft_limit is greater than hard_limit. POSIX: add changelog entries for PHP 8.5 changes #5534Session
$_SESSIONhas a key containing the pipe character will now emit a warning instead of silently failing.session_startis stricter in regard to the option argument. It throws aValueErrorif the whole is not a hashmap or aTypeErrorif read_and_close value is not a valid type compatible with int.SimpleXML
SimpleXMLElement::xpath()will now emit a warning and return false, instead of silently failing and returning an empty array.SNMP✅
Details
snmpget,snmpset,snmp_get2,snmp_set2,snmp_get3,snmp_set3andSNMP::__construct()throw aValueErrorwhen the hostname is too large, contains any null byte or if the port is given when negative or greater than 65535, timeout and retries values are lower than -1 or too large. SNMP: add changelog for PHP 8.5 ValueError validation #5533Sockets ✅
Details
socket_create_listen,socket_bindandsocket_sendtothrow aValueErrorif the port is lower than 0 or greater than 65535, and also if any of the hints array entries are indexed numerically. Sockets: add changelog entries for PHP 8.5 changes #5535socket_addrinfo_lookupthrows aTypeErrorif any of the hints values cannot be cast to int and can throw aValueErrorif any of these values overflow. Sockets: add changelog entries for PHP 8.5 changes #5535socket_set_optionwithMCAST_LEAVE_GROUP/MCAST_LEAVE_SOURCE_GROUPoptions will throw an exception if the value isn't a valid object or array. Sockets: add changelog entries for PHP 8.5 changes #5535socket_set_optionwith multicast context throws aValueErrorwhen the created socket is not ofAF_INET/AF_INET6family. Sockets: add changelog entries for PHP 8.5 changes #5535Tidy
tidy::__construct/parseFile/parseStringnow throws aValueErrorif the configuration contains an invalid or set a read-only internal entry, aTypeErrorcontains, at least, one element when the key is not a string.New extensions
Lexbor
URI ✅
Details
- [x] An always enabled uri extension is added that can be used for handling URIs and URLs according to RFC 3986 and WHATWG URL. RFC: https://wiki.php.net/rfc/url_parsing_api - [x] New classes (#5392) - [x] `Uri\UriException` (#5466) - [x] `Uri\InvalidUriException` (#5466) - [x] `Uri\UriComparisonMode` (#5476) - [x] `Uri\Rfc3986\Uri` (#5392) - [x] `Uri\WhatWg\InvalidUrlException` (#5466) - [x] `Uri\WhatWg\UrlValidationErrorType` (#5474) - [x] `Uri\WhatWg\UrlValidationError` (#5472) - [x] `Uri\WhatWg\Url` (#5392)SAPI changes
CLI ✅
Details
- [x] Trying to set a process title that is too long with `cli_set_process_title()` will now fail instead of silently truncating the given title. (#5077) - [x] Added a new `--ini=diff` option to print INI settings changed from the builtin default. (#5077)CLI/CGI ✅
Details
- [x] The `-z` or `--zend-extension` option has been removed as it was non-functional. Use `-d zend_extension=` instead. (#5077)FPM
fastcgi.script_path_encodedINI setting to prevent this new behavior.Extension changes
Curl
curl_close()function has been deprecated, asCurlHandleobjects are freed automatically. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_curl_close curl_close: add changelog for NOP and deprecation #5178curl_share_close()function has been deprecated, asCurlShareHandleobjects are freed automatically. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_curl_share_close curl_share_close: add changelog for NOP and deprecation #5249CurlSharePersistentHandlerepresenting a share handle that is persisted across multiple PHP requests. RFC: https://wiki.php.net/rfc/curl_share_persistence_improvementext/curl: addcurl_share_init_persistent#4363curl_multi_get_handles()allows retrieving allCurlHandles current attached to aCurlMultiHandle. This includes both handles added usingcurl_multi_add_handle()and handles accepted byCURLMOPT_PUSHFUNCTION.curl_share_init_persistent()allows creating a share handle that is persisted across multiple PHP requests. RFC: https://wiki.php.net/rfc/curl_share_persistence_improvementext/curl: addcurl_share_init_persistent#4363CURLINFO_USED_PROXY.CURLINFO_HTTPAUTH_USED.CURLINFO_PROXYAUTH_USED.CURLINFO_CONN_ID.CURLINFO_QUEUE_TIME_T.CURLOPT_INFILESIZE_LARGE.CURLFOLLOW_ALL.CURLFOLLOW_OBEYCODE.CURLFOLLOW_FIRSTONLY.curl_easy_setoptwithCURLOPT_FOLLOWLOCATIONoption's value no longer is treated as boolean but integer to handleCURLFOLLOW_OBEYCODEandCURLFOLLOW_FIRSTONLY.CURLINFO_USED_PROXY(libcurl >= 8.7.0),CURLINFO_HTTPAUTH_USED, andCURLINFO_PROXYAUTH_USED(libcurl >= 8.12.0) to thecurl_getinfo()function. Whencurl_getinfo()returns an array, the same information is available as"used_proxy","httpauth_used", and"proxyauth_used"keys.CURLINFO_USED_PROXYgets zero set if no proxy was used in the previous transfer or a non-zero value if a proxy was used.CURLINFO_HTTPAUTH_USEDandCURLINFO_PROXYAUTH_USEDget bitmasks indicating the HTTP and proxy authentication methods that were used in the previous request. SeeCURLAUTH_*constants for possible values.CURLOPT_INFILESIZE_LARGECurl option, which is a safe replacement forCURLOPT_INFILESIZE. On certain systems,CURLOPT_INFILESIZEonly accepts a 32-bit signed integer as the file size (2.0 GiB) even on 64-bit systems.CURLOPT_INFILESIZE_LARGEaccepts the largest integer value the system can handle.CURLFOLLOW_OBEYCODE,CURLFOLLOW_FIRSTONLYandCURLFOLLOW_ALLvalues forCURLOPT_FOLLOWLOCATIONcurl_easy_setoptoption.CURLFOLLOW_OBEYCODEto follow more strictly in regard to redirect if they are allowed.CURLFOLLOW_FIRSTONLYto follow only the first redirect thus if there is any follow up redirect, it won't go any further.CURLFOLLOW_ALLis equivalent to settingCURLOPT_FOLLOWLOCATIONto true.CURLINFO_CONN_ID(libcurl >= 8.2.0) to thecurl_getinfo()function. This constant allows retrieving the unique ID of the connection used by a cURL transfer. It is primarily useful when connection reuse or connection pooling logic is needed in PHP-level applications. Whencurl_getinfo()returns an array, this value is available as the"conn_id"key.CURLINFO_QUEUE_TIME_T(libcurl >= 8.6.0) to thecurl_getinfo()function. This constant allows retrieving the time (in microseconds) that the request spent in libcurl’s connection queue before it was sent. This value can also be retrieved by passingCURLINFO_QUEUE_TIME_Tto thecurl_getinfo()$option parameter.CURLOPT_SSL_SIGNATURE_ALGORITHMSto specify the signature algorithms to use for TLS.Date
DATE_RFC7231andDateTimeInterface::RFC7231constants have been deprecated. This is because the associated timezone is ignored and always uses GMT. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_date_rfc7231_and_datetimeinterfacerfc7231 (DATE_RFC7231 constant has been deprecated in PHP 8.5 #5505)__wakeup()magic method ofDateTimeInterface,DateTime,DateTimeImmutable,DateTimeZone,DateInterval, andDatePeriodhas been deprecated in favour of the__unserialize()magic method. Related to RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_the_sleep_and_wakeup_magic_methodsDOM
DOMNamedNodeMap,DOMNodeList,Dom\NamedNodeMap,Dom\NodeList,Dom\HTMLCollection, andDom\DtdNamedNodeMapnow fails. This never actually resulted in a working object, so the impact should actually be zero.Dom\Element::getElementsByClassName().Dom\Element::insertAdjacentHTML().Dom\Element::$outerHTML.$childrenproperty toDom\ParentNodeimplementations.Enchant
enchant_dict_remove_from_session()to remove a word added to the spellcheck session viaenchant_dict_add_to_session().enchant_dict_remove()to put a word on the exclusion list and remove it from the session dictionary.Exif
FileInfo
finfo_close()function has been deprecated. Asfinfoobjects are freed automatically. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_finfo_close finfo_close: add changelog for NOP and deprecation #5373finfo_buffer()function has been deprecated as it is ignored. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_the_context_parameter_for_finfo_bufferfinfo_close()has been changed to true, rather than bool.Filter
Filter\FilterException(https://wiki.php.net/rfc/filter_throw_on_failure)Filter\FilterFailedException(https://wiki.php.net/rfc/filter_throw_on_failure)FILTER_THROW_ON_FAILURE(https://wiki.php.net/rfc/filter_throw_on_failure)GD: ✅
Details
imagedestroy()function has been deprecated, asGdImageobjects are freed automatically. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_imagedestroy imagedestroy: add changelog for deprecation #5125Hash
MHASH_*constants have been deprecated. These have been overlooked when themhash*()function family has been deprecated per https://wiki.php.net/rfc/deprecations_php_8_1#mhash_function_familyIntl
Collator::SORT_REGULARwith respect to handling numeric strings is now aligned with the behaviour ofSORT_REGULARin ext/standard. This is a consequence of fixing bug [intl] Weird numeric sort in Collator php-src#18566.intl.error_levelINI setting has been deprecated. Errors should either be checked manually or exceptions should be enabled by using theintl.use_exceptionsINI setting. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_intlerror_level_ini_settingIntlListFormatterclass to format, order, and punctuate a list of items with a given locale,IntlListFormatter::TYPE_AND,IntlListFormatter::TYPE_OR,IntlListFormatter::TYPE_UNITSoperands andIntlListFormatter::WIDTH_WIDE,IntlListFormatter::WIDTH_SHORTandIntlListFormatter::WIDTH_NARROWwidths. It is supported from icu 67.locale_is_right_to_left/Locale::isRightToLeft, returns true if the locale is written right to left (after its enrichment with likely subtags). (Document Locale::isRightToLeft (PHP 8.5) #5055 forLocale::isRightToLeft)grapheme_levenshtein()function. RFC: https://wiki.php.net/rfc/grapheme_levenshtein (Add manual for grapheme_levenshtein function. #5005)Locale::addLikelySubtagsandLocale::minimizeSubtagsto handle likely tags on a given locale.NumberFormatter::CURRENCY_ISO,NumberFormatter::CURRENCY_PLURAL,NumberFormatter::CASH_CURRENCY, andNumberFormatter::CURRENCY_STANDARDfor various currency-related number formats.DECIMAL_COMPACT_SHORT.DECIMAL_COMPACT_LONG.grapheme_extract()properly assigns $next value when skipping over invalid starting bytes. Previously there were cases where it would point to the start of the grapheme boundary instead of the end.transliterator_get_error_code(),transliterator_get_error_message()TransLiterator::getErrorCode(), andTransLiterator::getErrorMessage()have dropped the false from the return type union. Returning false was actually never possible.grapheme_strpos(),grapheme_stripos(),grapheme_strrpos(),grapheme_strripos(),grapheme_strstr(),grapheme_stristr()andgrapheme_levenshtein()functions add $locale parameter. RFC: https://wiki.php.net/rfc/grapheme_add_locale_for_case_insensitiveLDAP
ldap_connectwith wallet support,ldap_connect_wallet()List of affected constants:GSLC_SSL_NO_UATH,GSLC_SSL_ONEWAY_UATH,GSLC_SSL_TWOWAY_UATH. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_building_ext_ldap_against_oracle_ldapldap_get_option()now accepts a NULL connection, asldap_set_option(), to allow retrieval of global options.libxml
libxml_set_external_entity_loader()now has a formal return type of true.MBstring
MySQLi
mysqli_execute()alias function has been deprecated. Usemysqli_stmt_execute()instead. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#formally_deprecate_mysqli_executeODBC
Opcache
opcache.enableandopcache.enable_cliare still honored. The--enable-opcache/--disable-opcacheconfigure flags have been removed, and the build does not produceopcache.soorphp_opcache.dllobjects anymore. Usingzend_extension=opcache.soorzend_extension=php_opcache.dllINI directives will emit a warning.opcache.file_cache_read_onlyto support a read-onlyopcache.file_cachedirectory, for use with read-only file systems (e.g. read-only Docker containers). Best used withopcache.validate_timestamps=0,opcache.enable_file_override=1, andopcache.file_cache_consistency_checks=0. Note: A cache generated with a different build of PHP, a different file path, or different settings (including which extensions are loaded), may be ignored.opcache.jit_hot_loopis now 61 (a prime) to prevent it from being a multiple of loop iteration counts. It is recommended that this parameter is set to a prime number. Update opcache.jit_hot_loop #4685opcache.memory_consumptionwhen OPcache SHM is already set up will now correctly report a failure instead of silently doing nothing and showing misleading values in PHPInfo.opcache_is_script_cached_in_file_cache().opcache.enableandopcache.enable_cliare still honored.OpenSSL
$key_lengthparameter foropenssl_pkey_derive()has been deprecated. This is because it is either ignored, or truncates the key, which can be a vulnerability. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_key_length_parameter_of_openssl_pkey_derive Document key_length param deprecation in openssl_pkey_derive #5032openssl.libctxto select the OpenSSL library context type. Either custom libctx for each thread can be used or a single global (default) libctx is used. Document openssl.libctx INI #5033OPENSSL_PKCS1_PSS_PADDINGPKCS7_NOSMIMECAPPKCS7_CRLFEOLPKCS7_NOCRLPKCS7_NO_DUAL_CONTENTopenssl_public_encrypt()andopenssl_private_decrypt()have new parameter$digest_algothat allows specifying hash digest algorithm for OEAP padding.openssl_sign()andopenssl_verify()have new parameter$paddingto allow using more secure RSA PSS padding.openssl_cms_encrypt()$cipher_algoparameter can be a string with the cipher name. That allows to use more algorithms including AES GCM cipher algorithms for auth enveloped data.PCNTL
pcntl_exec()now has a formal return type of false.pcntl_waitid()takes an additional resource_usage argument to gather various platform specific metrics about the child process.PCRE
PCRE2_EXTRA_ALLOW_LOOKAROUND_BSKcompile option.\Kin lookbehind/lookahead should be always invalid PCRE2Project/pcre2#736 (comment)Other changesUpgraded pcre2lib from 10.44 to 10.46.(reverted, Downgrade pcre2 to 10.44 php-src#20380)PDO
PDO::FETCH_CLASSnow follow the usual CUFA (call_user_func_array) semantics. This means string keys will act like a named argument. Moreover, automatic wrapping for by-value arguments passed to a by-ref parameter has been removed, and the usualE_WARNINGabout this is now emitted. To pass a variable by-ref to a constructor argument use the general array value reference assignment:$ctor_args = [&$valByRef]PDO::FETCH_GROUP,PDO::FETCH_UNIQUE,PDO::FETCH_CLASSTYPE,PDO::FETCH_PROPS_LATE, andPDO::FETCH_SERIALIZEhave changed.List of affected constants and their replacement:
List of affected methods and their replacement:
PDO::pgsqlCopyFromArray()=>Pdo\Pgsql::copyFromArray()PDO::pgsqlCopyFromFile()=>Pdo\Pgsql::copyFromFile()PDO::pgsqlCopyToArray()=>Pdo\Pgsql::copyToArray()PDO::pgsqlCopyToFile()=>Pdo\Pgsql::copyToFile()PDO::pgsqlGetNotify()=>Pdo\Pgsql::getNotify()PDO::pgsqlGetPid()=>Pdo\Pgsql::getPid()PDO::pgsqlLOBCreate()=>Pdo\Pgsql::lobCreate()PDO::pgsqlLOBOpen()=>Pdo\Pgsql::lobOpen()PDO::pgsqlLOBUnlink()=>Pdo\Pgsql::lobUnlink()PDO::sqliteCreateAggregate()=>Pdo\Sqlite::createAggregate()PDO::sqliteCreateCollation()=>Pdo\Sqlite::createCollation()PDO::sqliteCreateFunction()=>Pdo\Sqlite::createFunction()PDO_ODBC
SQL_NO_TOTALinSQLGetDataare also better handled as well. This should improve compatibility and performance. See pdo_odbc: Don't fetch 256 byte blocks for long columns php-src#10809, Drivers can providePDO_ODBCincorrectly converted data for long columns with stateful encodings php-src#10733.PDO_PGSQL
PDO::PGSQL_TRANSACTION_IDLE,PDO::PGSQL_TRANSACTION_ACTIVE,PDO::PGSQL_TRANSACTION_INTRANS,PDO::PGSQL_TRANSACTION_INERROR,PDO::PGSQL_TRANSACTION_UNKNOWN. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#extpdo_deprecationsPDO::pgsqlCopyFromArrayalso supports inputs asIterable.Pdo\Pgsql::setAttributeandPdo\Pgsql::preparesupportsPDO::ATTR_PREFETCHsets to0which set to lazy fetch mode. In this mode, statements cannot be run in parallel.PDO_SQLite
Pdo\Sqlite::setAuthorizer(), which is the equivalent ofSQLite3::setAuthorizer(). The only interface difference is that the pdo version returns void.Pdo_Sqlite::ATTR_BUSY_STATEMENT.Pdo_Sqlite::ATTR_EXPLAIN_STATEMENT,Pdo_Sqlite::EXPLAIN_MODE_PREPARED,Pdo_Sqlite::EXPLAIN_MODE_EXPLAIN,Pdo_Sqlite::EXPLAIN_MODE_EXPLAIN_QUERY_PLAN.PDO\Sqlite::ATTR_TRANSACTION_MODEconnection attribute with possible valuesPDO\Sqlite::TRANSACTION_MODE_DEFERRED,PDO\Sqlite::TRANSACTION_MODE_IMMEDIATE, andPDO\Sqlite::TRANSACTION_MODE_EXCLUSIVE, allowing to configure the transaction mode to use when callingbeginTransaction().PGSQL
pg_close_stmtoffers an alternative way to close a prepared statement from the DEALLOCATE sql command in that we can reuse its name afterwards.pg_servicereturns the ongoing service name of the connection.pg_copy_fromalso supports inputs asIterable.pg_connectchecks if the connection_string argument contains any null byte.pg_close_stmtchecks if the statement_name argument contains any null byte.POSIX
POSIX_SC_OPEN_MAX.posix_ttynamesets last_error to EBADF when encountering an invalid file descriptor. (POSIX: add changelog entries for PHP 8.5 changes #5534)Readline
readline_add_history(),readline_clear_history(), andreadline_callback_handler_install()have been changed totrue, rather thanbool.Reflection
setAccessible()methods of various Reflection objects have been deprecated, as those no longer have an effect. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_reflectionsetaccessibleReflectionClass::getConstant()for constants that do not exist has been deprecated. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_reflectionclassgetconstant_for_missing_constantsReflectionProperty::getDefaultValue()for properties without default values has been deprecated. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_reflectionpropertygetdefaultvalue_for_properties_without_default_valuesReflectionConstant::getFileName()was introduced. W.I.P: PHP 8.4: Add ReflectionConstant stubs #4040ReflectionConstant::getExtension()andReflectionConstant::getExtensionName()were introduced. W.I.P: PHP 8.4: Add ReflectionConstant stubs #4040ReflectionConstant::getAttributes()was introduced. RFC: https://wiki.php.net/rfc/attributes-on-constantsReflectionProperty::getMangledName()was introduced.ReflectionClass::__toString()for enums has changed to better indicate that the class is an enum, and that the enum cases are enum cases rather than normal class constants.ReflectionProperty::__toString()for properties with hooks has changed to indicate what hooks the property has, whether those hooks are final, and whether the property is virtual. This also affects the output ofReflectionClass::__toString()when a class contains hooked properties.ReflectionAttribute::newInstance()can now throw errors for internal attributes if the attribute was applied on an invalid target and the error was delayed from compile-time to runtime via the#[\DelayedTargetValidation]attribute. RFC: https://wiki.php.net/rfc/delayedtargetvalidation_attributeReflectionConstantis no longer final.Session
session_set_cookie_params(),session_get_cookie_params(), andsession_start()now support partitioned cookies via the "partitioned" key. RFC: https://wiki.php.net/rfc/CHIPSSOAP
__getTypes().SoapFault::__construct()andSoapServer::fault()therefore now have an optional $lang parameter. This support solves compatibility with .NET SOAP clients.Sockets
IPPROTO_ICMP/IPPROTO_ICMPV6.TCP_FUNCTION_BLK(FreeBSD only).TCP_FUNCTION_ALIAS(FreeBSD only).TCP_REUSPORT_LB_NUMA(FreeBSD only).TCP_REUSPORT_LB_NUMA_NODOM(FreeBSD only).TCP_REUSPORT_LB_NUMA_CURDOM(FreeBSD only).TCP_BBR_ALGORITHM(FreeBSD only).AF_PACKET(Linux only). (Sockets: add changelog entries for PHP 8.5 changes #5535)IP_BINDANY(FreeBSD/NetBSD/OpenBSD only).SO_BUSY_POLL(Linux only).UDP_SEGMENT(Linux only).SHUT_RD.SHUT_WR.SHUT_RDWR.socket_create/socket_bindcan createAF_PACKETfamily sockets. (Sockets: add changelog entries for PHP 8.5 changes #5535 partially updatedsocket_create, not done yet)socket_getsocknamegets the interface index and its string representation withAF_PACKETsocket. (Sockets: add changelog entries for PHP 8.5 changes #5535)SPL
ArrayObjectno longer accepts enums, as modifying the$nameor$valueproperties can break engine assumptions.SplFileObject::fwrite's parameter$lengthis now nullable. The default value changed from0tonull.spl_autoload_call()function as a callback argument tospl_autoload_unregister()has been deprecated. Instead if this is needed, one should iterate over the return value ofspl_autoload_functions()and callspl_autoload_unregister()on each value. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_passing_spl_autoload_call_to_spl_autoload_unregisterSplObjectStorage::contains(),SplObjectStorage::attach(), andSplObjectStorage::detach()methods have been deprecated in favour ofSplObjectStorage::offsetExists(),SplObjectStorage::offsetSet(), andSplObjectStorage::offsetUnset()respectively. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_splobjectstoragecontains_splobjectstorageattach_and_splobjectstoragedetachArrayObjectandArrayIteratorwith objects has been deprecated. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_arrayobject_and_arrayiterator_with_objectsSqlite
Sqlite3Stmt::busyto check if a statement had been fetched but not completely.Sqlite3Stmt::EXPLAIN_MODE_PREPARED,Sqlite3Stmt::EXPLAIN_MODE_EXPLAINandSqlite3Stmt::EXPLAIN_MODE_EXPLAIN_QUERY_PLAN.Standard
socket_set_timeout()alias function has been deprecated. Usestream_set_timeout()instead. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#formally_deprecate_socket_set_timeoutnullto toreaddir(),rewinddir(), andclosedir()to use the last opened directory has been deprecated. Provide the last opened directory explicitly instead. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_passing_null_to_readdir_rewinddir_and_closedirchr()is now deprecated. This is because a byte can only hold a value within this interval. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_passing_integers_outside_the_interval_0_255_to_chrord()is now deprecated, this is indicative of a bug. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_passing_string_which_are_not_one_byte_long_to_ord$http_response_headeris deprecated. Instead one should call thehttp_get_last_response_headers()function. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_the_http_response_header_predefined_variable Mark $http_response_header as deprecated #4977array_first()andarray_last(). RFC: https://wiki.php.net/rfc/array_first_last [PHP 8.5] added array_[first|last] Documentation #4925IMAGETYPE_SVGwhen libxml is loaded.mail()now returns the actual sendmail error and detects if the sendmail process was terminated unexpectedly. In such cases, a warning is emitted and the function returns false. Previously, these errors were silently ignored. This change affects only the sendmail transport.getimagesize()now supports HEIF/HEIC images.getimagesize()now supports SVG images when ext-libxml is also loaded. Similarly,image_type_to_extension()andimage_type_to_mime_type()now also handleIMAGETYPE_SVG.getimagesize()now has two additional entries: "width_unit" and "height_unit" to indicate in which units the dimensions are expressed. These units are px by default. They are not necessarily the same (just to give one example: one may be cm and the other may be px).setcookie()andsetrawcookie()now support the "partitioned" key. RFC: https://wiki.php.net/rfc/CHIPSTokenizer✅
Details
T_VOID_CAST. [PHP 8.5] Add new tokens,T_VOID_CASTT_PIPE#5038T_PIPE. [PHP 8.5] Add new tokens,T_VOID_CASTT_PIPE#5038XML✅
Details
xml_parser_free()function has been deprecated, asXMLParserobjects are freed automatically. RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_xml_parser_free - Mark xml_parser_free as deprecated. #4892XSL
$namespaceargument ofXSLTProcessor::getParameter(),XSLTProcessor::setParameter()andXSLTProcessor::removeParameter()now actually works instead of being treated as empty. This only works if the $name argument does not use Clark notation and is not a QName because in those cases the namespace is taken from the namespace href or prefix respectively.Zlib
gzfile,gzopenandreadgzfilefunctions had been changed frominttoboolean.gzfile,gzopenandreadgzfilefunctions now respect the default stream context.flock()is now supported on zlib streams. Previously, this always failed to perform any locking action.Windows Support
PHP_VERSION,PHP_MINOR_VERSION, andPHP_RELEASE_VERSIONare now always numbers. Previously, they have been strings for buildconf builds.phpizebuilds now reflect the source tree in the build dir (like that already worked for in-tree builds); some extension builds (especially when using Makefile.frag.w32) may need adjustments.--enable-sanitizeris now supported for MSVC builds. This enables ASan and debug assertions, and is supported as of MSVC 16.10 and Windows 10.--with-uncritical-warn-chokeconfiguration option for clang builds is no longer supported. Select warnings to suppress viaCFLAGSinstead.FFI::cdef()andFFI::load(). However, this convenience feature should not be used in production.$readarray, and the$writeand$exceptarrays are empty,stream_select()now behaves similar to POSIX systems, i.e. the function only returns if at least one pipe is ready to be read, or after the timeout expires. Previously,stream_select()returned immediately, reporting all streams as ready to read.